Rewterz Threat Advisory – CVE-2020-13954 – Apache CXF Cross-site Scripting Vulnerability
November 17, 2020
Rewterz Threat Alert – A Newly discovered Jupyter Trojan
November 18, 2020
Severity
Medium
Analysis Summary
There is an ongoing, active Microsoft Office 365 phishing campaign that lures users into opening malicious links. The campaign targets enterprises and uses multiple sophisticated methods for defense evasion and social engineering. It uses timely lures relevant to remote work, such as password updates, conferencing information and helpdesk tickets.
One of the interesting techniques observed in this campaign is the use of redirector sites with a unique subdomain for each target. The subdomain follows different formats but generally always contains the recipient’s username and org domain name.
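The per-recipient subdomain pattern described above can be checked for during mail filtering. The following is an added example, not part of the original advisory: it flags links whose subdomain contains both the recipient's username and organization name while the host lies outside the recipient's own domain. The function names, sample address and hosts are constructed for illustration, and treating the last two labels as the registrable domain is an assumption.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def _norm(text):
    """Lowercase and drop separators so 'jane.doe' matches 'jane-doe' or 'janedoe'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def is_personalised_redirector(url, recipient):
    """True if the URL's subdomain embeds the recipient's username and org
    name while the host itself is outside the recipient's own domain."""
    local, _, org_domain = recipient.lower().partition("@")
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not local or not org_domain or not host:
        return False
    # Links into the recipient's own domain are not third-party redirectors.
    if host == org_domain or host.endswith("." + org_domain):
        return False
    # Assumption: the registrable domain is the last two labels. A production
    # check would use a public-suffix list instead.
    subdomain = _norm(".".join(host.split(".")[:-2]))
    user, org = _norm(local), _norm(org_domain.split(".")[0])
    # Very short names match by accident, so require at least 3 characters.
    if len(user) < 3 or len(org) < 3:
        return False
    return user in subdomain and org in subdomain

def flag_links(recipient, body):
    """Return every URL in the message body that matches the pattern."""
    return [u for u in URL_RE.findall(body) if is_personalised_redirector(u, recipient)]

# Constructed sample message; all hosts use reserved .example/.test names.
SAMPLE_RECIPIENT = "jane.doe@contoso.example"
SAMPLE_BODY = """Your password expires today. Update it here:
https://jane.doe.contoso.example.redirect-host.test/update
or https://janedoe-contoso.redirect-host.test/update
Company portal: https://portal.contoso.example/reset
Newsletter: https://news.redirect-host.test/latest
"""

if __name__ == "__main__":
    for url in flag_links(SAMPLE_RECIPIENT, SAMPLE_BODY):
        print("suspicious:", url)
```

A match is a signal for quarantine or analyst review rather than proof of phishing, since the advisory notes that the subdomain formats vary.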
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- Password Update
- Exchange proteccion
- Helpdesk-#
- SharePoint
- Projects_communications
Remediation
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.