Threat Source newsletter for July 30, 2020

Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.

Adversaries love to use headlines as part of their spam campaigns. From COVID-19 to Black Lives Matter and even Black Friday every year, the bad guys want to capitalize on current events. Why is this the case, and when do they decide to jump on headlines?

In our latest blog post, we look at this technique and examine the advantages and disadvantages of trying to leverage the biggest news.  

Cyber Security Week in Review

Garmin services are back online after a ransomware attack on the GPS company’s cloud platform. Most users follow Garmin for their exercise trackers and navigation, but perhaps more seriously, the company’s flight-tracking service that amateur pilots use also went dark. 
Security researchers are blaming the Evil Corp APT for the attack. The group is known for using the WastedLocker ransomware and Dridex credential-stealer. 
Cosmetics giant Avon left one of its Microsoft Azure servers open to the internet without encryption or a password. Security researchers say an adversary could have accessed the server and obtained OAuth and other security tokens.
Many consumers assume that the adoption of chip readers on credit cards makes their transactions more secure. But the reality is the security measures in place vary between banks.
North Korean state-sponsored attackers are reportedly targeting American defense and aerospace agencies and private companies. Some of the infection vectors are classic phishing emails that claim to include job offers ..