Cyware Daily Threat Intelligence, September 21, 2020

Share Blog post

While there is a multitude of vulnerabilities reported every day, some design flaws affecting key software platforms can give rise to entirely new patterns of cyberattacks. Two such attacks have been discovered due to design issues in Mozilla Firefox 68 and Google App Engine.

The issue in Firefox 68 can allow attackers to launch MitM attacks and install malicious codes on targeted users’ phones without the need to click on the links. Meanwhile, the design flaw in Google App Engine can be exploited to create multiple phishing pages. Researchers discovered that attackers are actively targeting the vulnerability and in one incident, they had created over 2,000 phishing pages of Microsoft by abusing Google’s appspot.com domain.

Top Breaches Reported in the Last 24 Hours

University of Tasmania data breach
The University of Tasmania has revealed a phishing attack that affected the personal details of almost 20,000 students. The leaked data included personally identifiable information, which was accessible to all users having ‘utas.edu.au’ email address. Information belonging to 19,900 students was made public through the Microsoft Office365 platform SharePoint.

Hackers leak Belarus police data
A group of hackers has leaked the personal information of more than 1,000 high-ranking Belarusian police officers. Among the compromised data leaked, it includes names, dates of birth, job titles, and departments of officers.

Top Vulnerabilities Reported in the Last 24 Hours

Firefox flaw
A vulnerability in Firefox for Android could have let remote attackers open arbitrary websites on a targeted user’s phone without the need to click on links. The vulnerability, which is related to the SSDP server, could result in a MitM attack or installation of malicious applications. It affects version 68 of Firefox and has been fixed in version starting from 79.

Default login option in ATO
The default login option for agents used by the Australian Taxation Office (ATO) can be abused by attackers to capture user details. The stolen data can later be used to log into other accounts held by myGovID user. The attack leverages the Trusted Digital Identity Framework and protocols implemented on the website.

Abuse of Google App Engine
A newly discovered technique can allow attackers to abuse Google App Engine domains to create unlimited phishing pages. The technique was verified by researchers by exploiting Google’s appspot.com domain. Furthermore, the researchers confirmed that the technique is being actively exploited in phishing attacks after the discovery of over 2,000 malicious subdomains of Microsoft hosted on appspot.com.

 Tags

google app engine
university of tasmania
australian taxation office ato
mozilla firefox 68

Posted on: September 21, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!