Go to listing page

Cyware Daily Threat Intelligence, September 08, 2020

Cyware Daily Threat Intelligence, September 08, 2020

Share Blog Post

The ill-famed Emotet trojan continues to rise as a deadly threat in the cybersecurity world. After being spotted recently in different spam campaigns, the trojan has begun to inflict its evil activities against entities in Japan, France, and New Zealand. As a result, the cybersecurity agencies of these countries have issued guidelines across public and private entities to prevent Emotet infection.

In other news, a researcher has demonstrated a new attack technique that can be used to steal Windows account credentials. The attack leverages specially-crafted Windows 10 themes and theme packs that can trigger Pass-the-Hash attacks against Windows users.

Top Breaches Reported in the Last 24 Hours

BancoEstado hit
BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches following an attack by REvil ransomware. The incident took place over the weekend and originated from a malicious Office document opened by an employee.

Digital Point leaks data
Digital Point had leaked over 63 million records due to an unprotected Elasticsearch database in July 2020. The types of data exposed in the incident included names, email addresses, and ID numbers of nearly 900,000 users.

Newcastle University attacked
U.K-based Newcastle University suffered a cyberattack after DoppelPaymer ransomware operators breached its network and took systems offline. The University explains that it will take several weeks to recover from the attack. The investigation into the incident, which occurred on August 30, is still at an early stage.

Top Malware Reported in the Last 24 Hours

Emotet’s terror continues
The French national cyber-security agency has published an alert about a surge in Emotet attacks in the country. The trojan is targeting both private and public entities across the nation. The agency has provided a list of recommendations for organizations to prevent Emotet infections. Likewise, cybersecurity agencies in Japan and New Zealand have also released advisories about the uptick in Emotet attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Google resolves XSS vulnerability
Google resolved a Cross-Site Scripting (XSS) vulnerability found in Google Maps. The issue, which exists in how Google Maps handles export features, was first reported in April. However, Google’s original fix to the issue failed and a second patch was deployed soon after.

Vulnerable MoFi routers
Routers manufactured by MoFi Network are affected by 10 critical vulnerabilities that can allow attackers to take complete control of targeted devices. Some of these vulnerabilities can be exploited to gain authentication on a device using hardcoded or weak credentials. The vendor has patched the critical issues, but there are flaws that can still be abused to bypass the patches and introduce new backdoors.

Abusing through Windows 10 theme
Specially-crafted Windows 10 themes and theme packs can be used to steal Windows account credentials from unsuspecting users, a researcher warned. These malicious themes could be used to perform Pass-the-Hash attacks.

Top Scams Reported in the Last 24 Hours

Russia enters the BEC game
A Russia-based BEC gang, named Cosmic Lynx, uses a combination of social engineering techniques and well-crafted email messages to launch BEC attacks against firms. The phishing emails are sent on the pretext that the target organization is preparing to close an acquisition with another company as part of a planned corporate expansion. The scammer group has launched more than 200 BEC campaigns in 46 countries, since July 2019. The group is also credited for stealing as much as $1.27 million in a single BEC attack.

 Tags

mofi routers
xss vulnerability
newcastle university
emotet trojan
windows 10 themes
bancoestado

Posted on: September 08, 2020


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite