Cybersecurity Weekly: Wells Fargo phish, Oxford server hack, Cisco Webex flaw
A new Wells Fargo phishing campaign baits customers with calendar invites. A hijacked Oxford server was used by hackers for Office 365 phishing. A new Cisco Webex Meetings flaw lets attackers steal auth tokens. All this, and more, in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Wells Fargo phishing baits customers with calendar invites
Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo security team and luring potential victims to phishing pages with the help of calendar invites. The phishing messages have targeted over 15,000 Wells Fargo customers using .ics calendar file attachments.
Read more »
2. Hijacked Oxford server used by hackers for Office 365 phishing
Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials. The threat actors' attacks had everything needed to bypass their victims' security email filters and trick the victims themselves into handing over their Office 365 credentials.
3. New Cisco Webex Meetings flaw lets attackers steal auth tokens
A new vulnerability in the Cisco Webex Meetings client could allow local authenticated attackers to gain access to sensitive information including usernames, authentication tokens and meeting information. The stolen account can be thus leveraged as part of future attacks or immediately view and edit meetings or download recordings.
4. Cognizant admitted data breach in April ransomware attack
The information technologies services giant was hit by Maze ransomware operators in April. Immediately after the attack, the company sent a security breach notification mail to its clients and shared IoCs related to the threat that affected its systems. At the time, the company stated that threat actors did not exfiltrate any customer’s information.
Read more »
5. InvisiMole hackers target high-profile military and diplomatic entities
Last week, cybersecurity researchers uncovered the method of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage. InvisiMole has been active at least since 2013 in connection with targeted cyber-espionage operations in Ukraine and Russia.
Read more »
6. Privnotes.com phishing users of private messaging service Privnote.com
For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate service that offers private, encrypted messages that self-destruct automatically after they are read. The phishing site Privnotes.com does not fully implement encryption, and can read and modify all messages sent by users.
Read more »
7. Hackers target military and aerospace staff by posing as recruiters
Cybersecurity researchers took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations. The primary goal of the operation was espionage, but in one case, the attackers tried to monetize access to a victim's email account through a business email compromise attack.
8. 79 Netgear router models affected by a dangerous zero-day
Last week, security experts reported a severe unpatched security vulnerability that affects 79 Netgear router models. The flaw could allow remote attackers to execute arbitrary code as “root” on the vulnerable devices and potentially take over them. These experts reported the vulnerability to the vendor early this year.
Read more »
9. New Ripple20 flaws put billions of internet-connected devices at risk of hacking
The Department of Homeland Security and CISA ICS-CERT issued a critical security advisory about over a dozen newly discovered vulnerabilities affecting billions of internet-connected devices manufactured by many vendors across the globe. Dubbed Ripple20, the set of 19 vulnerabilities resides in a low-level TCP/IP software library.
Read more »
See Infosec IQ in action
10. Copied master key forces South African bank to replace 12 million cards
Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after employees printed out the bank’s master key. According to reports, the security breach occurred in December 2018 when a copy of Postbank’s digital master key was printed out at an offsite data center.
Read more »