Severity
Medium
Analysis Summary
A phishing campaign that uses fake Zoom video conference invitations to lure users into providing their Microsoft account credentials has been reported. The fake invite is crafted to appear to come from “Zoom Video Communications”. The domains associated with the campaign were registered only hours before it began. The link in the invite is hosted on a redirection service and leads to an Azure-hosted phishing page that asks the victim to enter their Microsoft 365 account credentials in order to log in to Zoom. If the victim submits the credentials, they are shown a page stating that the video conference has been cancelled.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
IP
- 52[.]27[.]29[.]106
- 209[.]159[.]154[.]74
- 13[.]107[.]246[.]10
URL
- hxxps[:]//r[.]smore[.]com/c?u=pastell[.]in/ca07-b36n5-65m-c53b-o26v-62h-e79-t56ec44?e5=REDACTED[@]company[.]com
- hXXp[:]//www[.]pastell[.]in/ca07-b36n5-65m-c53b-o26v-62h-e79-t56e-c44
- hXXps[:]//logonmicrosftonlinezoomconference[.]azureedge[.]net/
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
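One way to operationalise the indicators above, as an added example that is not part of the advisory: the script refangs the published IoCs, pulls the redirect target out of the r.smore.com link's u= parameter, and flags proxy log lines that reach any of those hosts. The log line format and user names are constructed assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# The advisory's indicators, exactly as published (defanged).
DEFANGED_IOCS = [
    "52[.]27[.]29[.]106",
    "209[.]159[.]154[.]74",
    "13[.]107[.]246[.]10",
    "hxxps[:]//r[.]smore[.]com/c?u=pastell[.]in/ca07-b36n5-65m-c53b-o26v-62h-e79-t56ec44?e5=REDACTED[@]company[.]com",
    "hXXp[:]//www[.]pastell[.]in/ca07-b36n5-65m-c53b-o26v-62h-e79-t56e-c44",
    "hXXps[:]//logonmicrosftonlinezoomconference[.]azureedge[.]net/",
]

def refang(ioc):
    """Restore a defanged indicator to its live form: hxxp -> http, [.] -> ., [:] -> :, [@] -> @."""
    live = ioc.replace("[.]", ".").replace("[:]", ":").replace("[@]", "@")
    return re.sub(r"^hxxp", "http", live, flags=re.IGNORECASE)

def indicator_hosts(iocs=DEFANGED_IOCS):
    """Hosts/IPs to watch for, including the destination carried in the redirector's u= parameter."""
    hosts = set()
    for raw in iocs:
        live = refang(raw)
        if "://" not in live:          # bare IP address
            hosts.add(live)
            continue
        parsed = urlparse(live)
        hosts.add(parsed.hostname)
        for target in parse_qs(parsed.query).get("u", []):
            hosts.add(re.split(r"[/?]", target, maxsplit=1)[0])  # target has no scheme
    return hosts

def host_matches(host, watched):
    host = host.lower()
    return any(host == w or host.endswith("." + w) for w in watched)

# Constructed sample proxy log lines ("<timestamp> <user> <url>"), not real traffic.
SAMPLE_LOG = """\
2020-06-16T09:14:02Z alice https://r.smore.com/c?u=pastell.in/zoom-invite
2020-06-16T09:14:05Z alice http://www.pastell.in/ca07-b36n5
2020-06-16T09:14:09Z alice https://logonmicrosftonlinezoomconference.azureedge.net/
2020-06-16T09:20:41Z bob https://zoom.us/j/123456789
"""

def flag_proxy_log(log_text, iocs=DEFANGED_IOCS):
    """Return (user, host) for each request to a watched host; u= extraction also catches the chain when only the redirector is seen."""
    watched = indicator_hosts(iocs)
    hits = []
    for line in log_text.splitlines():
        _ts, user, url = line.split(maxsplit=2)
        host = urlparse(url).hostname or ""
        if host_matches(host, watched):
            hits.append((user, host))
    return hits
```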