Cybersecurity Weekly: O365 phish, Google Analytics exploit, LG Electronics ransomware

June 29, 2020 by Sam Fay

Office 365 users are being targeted by a Coronavirus employee training phish. Hackers are using Google Analytics to bypass web security and steal credit cards. LG Electronics was allegedly hit by a Maze ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Office 365 users targeted by Coronavirus employee training phish

Researchers are warning of a new phishing attack that sends Coronavirus training resources to employees who are returning to the workplace as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations.
Read more »


2. Hackers using Google Analytics to bypass web security and steal credit cards

Hackers are now exploiting Google Analytics to stealthily pilfer credit card information from infected e-commerce sites. Threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information.

Read more »


3. LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators claimed on their website that they breached and locked the network of LG Electronics. When asked how many devices were encrypted, the Maze operators told reporters that this information currently is private and will be provided only to LG negotiators.

Read more »


4. VirusTotal adds Cynet’s artificial intelligence-based malware detection

VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. Cynet, the creator of the autonomous breach protection platform, has now integrated its Cynet Detection Engine into VirusTotal.
Read more »


5. Docker images containing cryptojacking malware distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are targeting exposed API endpoints and crafting malware-infested images to facilitate DDoS attacks and mine cryptocurrencies. The purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers
Read more »


6. Critical bugs and backdoor found in GeoVision’s fingerprint and card scanners

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws. These vulnerabilities impact its card and fingerprint scanners that could’ve potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks.
Read more »


7. Golang worm widens scope to Windows, adds payload capacity

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware.

Read more »


8. European bank suffers biggest DDoS attack, new botnet suspected

A bank in Europe was the target of a huge DDoS attack that sent to its networking gear a flood of 809 million packets per second. The attack can easily be a contender for the largest DDoS incident to date, despite not being a bandwidth-intensive attack, with a footprint of just 418Gbps.
Read more »


9. Hackers hide credit card stealing script in favicon metadata

In a new report, an online store using the WordPress WooCommerce plugin was found to be infected with a Magecart script to steal customer’s credit cards. What made this attack stand out was that the scripts used to capture data from payment forms were not added directly to the site, but were contained in the EXIF data for a remote site’s favicon image.
Read more »


10. TikTok to stop clipboard snooping after Apple privacy feature exposes behavior

Apple recently added a new banner alert to iOS 14 that lets users know if a mobile app is pasting from the clipboard and thus able to read to a user’s cut-and-paste data. This new privacy feature sheds light on TikTok’s practice of reading iPhone users’ cut-and-paste data, even though the company said in March it would stop.
Read more »

Posted: June 29, 2020
Sam Fay
View Profile