Cybersecurity Weekly: Wells Fargo phish, Oxford server hack, Cisco Webex flaw

June 23, 2020 by Sam Fay

A new Wells Fargo phishing campaign baits customers with calendar invites. A hijacked Oxford server was used by hackers for Office 365 phishing. A new Cisco Webex Meetings flaw lets attackers steal auth tokens. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Wells Fargo phishing baits customers with calendar invites

Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo security team and luring potential victims to phishing pages with the help of calendar invites. The phishing messages have targeted over 15,000 Wells Fargo customers using .ics calendar file attachments.


2. Hijacked Oxford server used by hackers for Office 365 phishing

Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials. The threat actors’ attacks had everything needed to bypass their victims’ email security filters and trick the victims themselves into handing over their Office 365 credentials.



3. New Cisco Webex Meetings flaw lets attackers steal auth tokens

A new vulnerability in the Cisco Webex Meetings client could allow local authenticated attackers to gain access to sensitive information including usernames, authentication tokens and meeting information. The stolen account can thus be leveraged as part of future attacks, or used immediately to view and edit meetings or download recordings.



4. Cognizant admitted data breach in April ransomware attack

The information technology services giant was hit by Maze ransomware operators in April. Immediately after the attack, the company sent a security breach notification email to its clients and shared IoCs related to the threat that affected its systems. At the time, the company stated that threat actors did not exfiltrate any customer’s information.


5. InvisiMole hackers target high-profile military and diplomatic entities

Last week, cybersecurity researchers uncovered the methods of an elusive threat group that hacks into high-profile military and diplomatic entities in Eastern Europe for espionage. InvisiMole has been active since at least 2013 in connection with targeted cyber-espionage operations in Ukraine and Russia.


6. phishing users of private messaging service

For the past year, a site called has been impersonating, a legitimate service that offers private, encrypted messages that self-destruct automatically after they are read. The phishing site does not fully implement encryption, and can read and modify all messages sent by users.


7. Hackers target military and aerospace staff by posing as recruiters

Cybersecurity researchers took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations. The primary goal of the operation was espionage, but in one case, the attackers tried to monetize access to a victim’s email account through a business email compromise attack.



8. 79 Netgear router models affected by a dangerous zero-day

Last week, security experts reported a severe unpatched security vulnerability that affects 79 Netgear router models. The flaw could allow remote attackers to execute arbitrary code as “root” on the vulnerable devices and potentially take them over. These experts reported the vulnerability to the vendor early this year.


9. New Ripple20 flaws put billions of internet-connected devices at risk of hacking

The Department of Homeland Security and CISA ICS-CERT issued a critical security advisory about over a dozen newly discovered vulnerabilities affecting billions of internet-connected devices manufactured by many vendors across the globe. Dubbed Ripple20, the set of 19 vulnerabilities resides in a low-level TCP/IP software library.


10. Copied master key forces South African bank to replace 12 million cards

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after employees printed out the bank’s master key. According to reports, the security breach occurred in December 2018 when a copy of Postbank’s digital master key was printed out at an offsite data center.
