Cyware Daily Threat Intelligence, September 22, 2020

Share Blog post

A new attack campaign associated with the ill-famed Fancy Bear threat actor group has been detailed by security researchers. The campaign, aimed at government bodies of NATO countries, was executed through fake NATO training materials. These spoofed documents included JPG files that caused the download of Zebrocy malware.

In a different incident, ArbiterSports disclosed that it paid a ransom to attackers to stop them from posting the stolen data online. The attack, which occurred in July this year, had affected the personal details of over 500,000 referees, league officials, and school representatives.

Moreover, the developers of the Discount Rules for WooCommerce WordPress plugin have released security patches for the third time after the previous two attempts to patch two cross-site scripting (XSS) flaws failed. The flaws can be exploited to hijack a targeted site.

Top Breaches Reported in the Last 24 Hours

Fancy Bear’s targeted campaign
Fancy Bear is responsible for a targeted attack campaign aimed at government bodies. The attack was carried out through fake NATO training materials that delivered Zebrocy Delphi malware. The targeted countries included Azerbaijan and several NATO countries.

Luxottica’s security breach
Ray-Ban eyewear maker, Luxottica, has reportedly suffered a cyberattack leading to the shutdown of operations in Italy and China. Security experts claim that the incident has occurred due to vulnerable Citrix ADX controller devices used by the firm. The breach has affected several websites associated with Luxottica, including one.luxottica.com and university.luxottica.com.

CNO affected
The College of the Nurse of Ontario (CNO) recently announced that it is dealing with a cyberattack that affected its services. Threat actors behind the attack stole CNO documents and exposed them on the dark web. CNO is yet to determine whether personal information has been compromised in the incident.

ArbiterSports admits to paying ransom
ArbiterSports disclosed that it paid off ransomware attackers to delete the stolen personal data of 540,000 of its registered members - consisting of referees, league officials, and school representatives. The data was stolen from a backup system maintained by the firm and included details from ArbiterGame, ArbiterOne, and ArbiterWorks.

Microsoft leaks Bing data
Microsoft suffered a cybersecurity lapse earlier this month when a staff member accidentally left one of Bing’s backend servers exposed online. This caused the exposure of over 6.5 TB of log files containing 13 billion records originating from the Bing search engine. The server was secured after Microsoft learned about it from a security researcher.

Top Vulnerabilities Reported in the Last 24 Hours

SQL Injection flaw
A researcher demonstrated a way to bypass Cloudflare’s SQL Injection filter. This can allow threat actors to gain access to the content of a web application’s database. It can even allow them to write a Python script that would automate an attack.

ClearPass fixes a critical issue
A critical vulnerability affecting Aruba ClearPass Policy Manager has been patched with the release of a new version. The flaw, classified as an unauthenticated remote code execution (RCE) issue, has a CVSS score of 8.1 and is assigned CVE-2020-7115. It can be abused to expose host systems to remote exploitation.

Discount Rules for WooCommerce plugin patched 
Developers of the Discount Rules for WooCommerce WordPress plugin have released security patches for the third time in the last few weeks. The patches are for two high-severity XSS flaws affecting the plugin.

Top Scams Reported in the Last 24 Hours

Phishing attack
Scammers are impersonating the Commissioner of the Texas Department of State Health Services (DSHS) to target computer equipment suppliers in a new phishing email campaign. The email is sent to a company’s sales department, requesting a price quote for 20 touchscreen laptops and 200 portable hard drives. It includes a fake document that does not disclose a shipment address. The goal of the campaign is to retrieve merchandise and later profit from the resale of the stolen goods.

 Tags

luxottica
fancy bear hackers
arbitersports
discount rules for woocommerce plugin
dexerto

Posted on: September 22, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!