Cybersecurity Weekly: Cloud service phish, Zoom URL flaw, Tetrade banking malware

July 21, 2020 by Sam Fay

A new phishing campaign abuses a trio of enterprise cloud services. A flaw in Zoom’s Vanity URL feature could have been exploited in phishing attacks. Tetrade banking malware families target users worldwide. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. New phishing campaign abuses a trio of enterprise cloud services

A new phishing campaign uses Microsoft Azure, Microsoft Dynamics and IBM Cloud as part of an attempt to steal login credentials. The phishing email imitates a quarantined mail notification frequently sent out in workplaces by email security products and spam filters, asking the recipient to release messages stuck in the queue.
Read more »


2. A flaw in Zoom’s Vanity URL feature could have been exploited in phishing attacks

A vulnerability affecting the Zoom feature dubbed Vanity URL could have been exploited by hackers for phishing attacks. In the attack reported by researchers, the URL would actually point to a subdomain registered by the attacker with a name that looks like the one of the target. With this attack scheme, the attacker aims at tricking the victims into handing over credentials.
Read more »


3. Tetrade banking malware families target users worldwide

Cybersecurity researchers have detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America and Europe.The four malware families are the result of a Brazilian banking group that is evolving its capabilities targeting banking users abroad.
Read more »


4. Several high-profile accounts hacked in Twitter hack

A number of high-profile Twitter accounts, including those of U.S. presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber and Apple, were breached simultaneously in what’s a far-reaching hacking campaign carried out to promote a cryptocurrency scam.
Read more »


5. BadPower attack corrupts fast chargers to melt or set devices on fire

Security researchers said they can alter the firmware of fast chargers to cause damage to connected charging systems, such as melt components or set devices on fire. According to researchers, the attack, dubbed BadPower, corrupts the firmware of newly-developed fast chargers.
Read more »


6. Hackers accidentally expose training videos online

An OPSEC error by an Iranian threat actor exposed the inner workings of the hacking group by providing a rare insight into the behind-the-scenes look into their methods. Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials.
Read more »


7. New Android malware steals passwords for non-banking apps too

Last week, cybersecurity researchers uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating and cryptocurrency apps — a total of 337 non-financial Android applications on its target list.
Read more »


8. Orange confirms ransomware attack exposing business customers’ data

The French telecommunications company confirmed that they suffered a ransomware attack exposing the data of twenty of their enterprise customers. On July 15th, 2020, the ransomware operators behind the Nefilim Ransomware added Orange to their data leak site and stated that they breached the company through their Orange Business Solutions division.
Read more »


9. Hackers look to steal COVID-19 vaccine research

The advanced threat actor known as APT29 has been hard at work attempting to steal COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world. The U.S. DHS advisory details the recent activity of APT29, including the use of custom malware called WellMess and WellMail for data exfiltration.
Read more »


10. Introducing the PhishingKitTracker

Experts that want to study phishing attack schema and Kit-composition can use the new PhishingKitTracker, which is updated automatically. Created by security researcher Marco Ramilli, this tracker correlates phishy domains and follows the attack chain back to a single phishing attack.
Read more »

Posted: July 21, 2020
Sam Fay
View Profile