
Google bans ads promoting spyware and stalkerware, fraudsters use inactive domains to malvertise, and more

Major cybersecurity events on 10th July 2020 (Evening Post): New phishing campaign leverages legitimate SurveyMonkey domains to phish for Office 365 credentials. Authors of the Android malware family Joker (aka Bread) sneak their product into the Google Play Store. DDoS attack targets Cloudflare.

Round Up of Major Breaches and Scams

SurveyMonkey Phishers Go Hunting for Office 365 Credentials

Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters. The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security.
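The From/Reply-To discrepancy described above can be checked in a mail pipeline. The following is an added example, not code from Abnormal Security or from this roundup; the `.example` domains and messages are constructed, and treating a parent domain and its subdomains as related is a simplifying assumption (no public suffix list is consulted).

```python
from email import message_from_string
from email.utils import getaddresses

def header_domains(msg, header):
    """Return the lower-cased domain of every address in the named header."""
    domains = set()
    for _name, addr in getaddresses(msg.get_all(header, [])):
        domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
        if domain:
            domains.add(domain)
    return domains

def related(a, b):
    """Assumption: identical domains, or one a subdomain of the other, are related."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_mismatch(raw_message):
    """Return the sorted Reply-To domains that are unrelated to every From domain.

    An empty list means no Reply-To header, or every reply domain matches the sender.
    """
    msg = message_from_string(raw_message)
    from_domains = header_domains(msg, "From")
    reply_domains = header_domains(msg, "Reply-To")
    return sorted(r for r in reply_domains
                  if not any(related(r, f) for f in from_domains))

# Constructed sample messages (not taken from the campaign).
SUSPICIOUS = ("From: Survey Team <surveys@survey.example>\n"
              "Reply-To: helpdesk@collector.example\n"
              "Subject: Please complete this survey\n\nbody\n")
BENIGN = ("From: Survey Team <noreply@mail.survey.example>\n"
          "Reply-To: Support <support@survey.example>\n"
          "Subject: Your results\n\nbody\n")
NO_REPLY_TO = ("From: surveys@survey.example\n"
               "Subject: Reminder\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN),
                       ("no reply-to", NO_REPLY_TO)):
        print(label, reply_to_mismatch(raw))
```

A mismatch alone is a weak signal, since many legitimate senders set a Reply-To on another domain, so it is better used as one input to scoring than as a blocking rule.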

Round Up of Major Malware and Ransomware Incidents

Google bans stalkerware ads

Google announced plans this week to ban ads that promote stalkerware, spyware, and other forms of surveillance technology that can be used to track other persons without their specific consent. The change was announced this week as part of an upcoming update to Google Ads policies, set to enter into effect next month, on August 11, 2020.

‘Joker’ Android Malware Pulls Another Trick to Land on Google’s Play Store

The authors of a particularly persistent Android malware family called “Joker” have once again found a way to sneak their product into Google’s official Play mobile app store. The malware (aka “Bread”) is known for subscribing mobile users to premium content without their knowledge and has been floating around since at least early 2017.

Cyber-Attack Downs Alabama County’s Network

A suspected ransomware attack has caused the temporary closure of an Alabama county’s computer network. Chilton County implemented a shutdown after being targeted by a suspected ransomware attack on the morning of July 7. County Commission Chairman Joseph Parnell announced the incident on the social media network Facebook.

Fraudsters Conducting Malvertising Campaign Via Inactive Domains

A number of inactive websites have been compromised and are redirecting visitors to unwanted URLs, many of which are malicious. This is according to a new study by Kaspersky, which uncovered over 1000 inactive domains that send users to second-hand pages as a way for fraudsters to make money or even infect their devices. Inactive domains are sometimes purchased by a service before being put up for sale on an auction site.

Round Up of Major Vulnerabilities and Patches

Huge DDoS Attack Launched Against Cloudflare in Late June

The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses. Cloudflare revealed this week that on June 21 it detected and mitigated a packet-based volumetric DDoS attack that peaked at 754 million packets-per-second. According to researchers, that peak was part of a four-day attack from June 18-21 that saw traffic from more than 316,000 different IP addresses directed at a single Cloudflare address.

Zoom Zero-Day Allows RCE, Patch on the Way

A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The issue was confirmed for Threatpost by a Zoom spokesperson. The 0patch team said that the vulnerability is present in any currently supported version of Zoom Client for Windows, and is unpatched and previously unknown — catnip for cybercriminals.