Threat Intelligence Report - August 18, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
Breach Shuts Down Discord.io
Discord.io, a platform providing custom links for Discord channels, announced its closure after a significant data breach where hackers accessed the details of 760,000 users. The breached information includes both non-sensitive and potentially sensitive data such as usernames, Discord IDs, email addresses, billing addresses, and salted and hashed passwords from accounts created before 2018.
QR Code Phishing Attacks Target Multiple Industries
A notable US energy company was the primary target of a phishing campaign that used QR codes in emails to bypass security and deliver malicious content. Manufacturing, insurance, technology, and financial service firms rounded out the targets of the 1,000-email campaign. According to Cofense, which detected this large-scale use of QR codes in phishing attacks, the emails directed recipients to scan QR codes to "update their Microsoft 365 account settings." The codes used redirects in Bing, Salesforce, and Cloudflare’s Web3 services to lead targets to a phishing page while evading security tools.
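For defenders, the redirect pattern described above can be checked once a QR code in an email has been decoded to a URL. The following is an added example, not code from NetFire or Cofense: it flags URLs on a trusted host that carry a second, untrusted URL in a query parameter or fragment, in plain or base64 form. The trusted-domain list, function names, and sample URLs are assumptions constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Assumption: domains the mail gateway already trusts (constructed placeholder).
TRUSTED = ("trusted.example",)

def is_trusted(host, trusted=TRUSTED):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def _as_url(value):
    """Return value as a URL if it is one in plain or base64 form, else None."""
    candidates = [value]
    try:
        padded = value + "=" * (-len(value) % 4)
        candidates.append(base64.urlsafe_b64decode(padded).decode("utf-8"))
    except (binascii.Error, ValueError):
        pass  # value is not base64-encoded text
    for c in candidates:
        if c.lower().startswith(("http://", "https://")):
            return c
    return None

def embedded_targets(url):
    """URLs carried inside the query string or fragment of url."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)] + [parts.fragment]
    return [t for t in map(_as_url, values) if t]

def assess(url, trusted=TRUSTED):
    """Classify a URL decoded from a QR code image in an email."""
    if not is_trusted(urlsplit(url).hostname, trusted):
        return "untrusted-host"
    for target in embedded_targets(url):
        if not is_trusted(urlsplit(target).hostname, trusted):
            return "redirect-via-trusted-host"
    return "ok"

# Constructed samples on reserved .example domains, not indicators from the campaign.
_B64 = base64.urlsafe_b64encode(b"https://login.phish.example/m365").decode()
SAMPLES = {
    "https://search.trusted.example/go?u=" + _B64: "redirect-via-trusted-host",
    "https://app.trusted.example/r?url=https%3A%2F%2Flogin.phish.example%2Fm365": "redirect-via-trusted-host",
    "https://docs.trusted.example/help?topic=mfa": "ok",
    "https://login.phish.example/m365": "untrusted-host",
}

if __name__ == "__main__":
    for sample_url in SAMPLES:
        print(assess(sample_url), sample_url)
```

A URL that passes a reputation check on its host alone would be scored "ok" in the first two samples; inspecting the embedded target is what surfaces the redirect.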
Banco Popular de Puerto Rico Affected by PwC Breach
Banco Popular de Puerto Rico, the island's largest bank, disclosed a cybersecurity breach stemming from third-party vendor PricewaterhouseCoopers (PwC) that exposed the personal data of 82,217 clients. The breach, linked to the MOVEit software used by PwC, compromised names, social security numbers, mortgage loan numbers, and other mortgage-related details, with PwC being among several major firms targeted by the Russian-linked Cl0p ransomware group.
MOVEit Software Creator Hit with Lawsuits
Progress Software, the publisher of MOVEit Transfer, is facing five class action lawsuits alleging that the company had been aware of a vulnerability in its system since 2021 and failed to address it. This vulnerability was exploited by the Russian hacking group Cl0p, leading to data breaches in numerous organizations globally and compromising the personal information of approximately 40 million individuals.
Fake Airplane Mode Exploit in Apple iOS 16
Cybersecurity researchers have identified a new exploit in Apple's iOS 16 in which attackers can deceive users into believing they have activated Airplane Mode while in reality maintaining access for a malicious application. The technique displays the Airplane Mode icon and cuts internet access for all apps except the rogue one, which stays connected to cellular networks, enabling stealthy communication.