
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 18, 2022

A new dark web marketplace selling premium data stolen from organizations has come under the spotlight recently. Reports suggest that the threat actors are promoting the Industrial Spy darknet market through malicious executables, software cracks, and adware. In another update, the operators behind the Emotet trojan are aggressively targeting systems worldwide by leveraging a variety of maldocs as a lure.

The crypto market has again collapsed due to a new cyberattack during the weekend. The attackers drained over $180 million worth of cryptocurrency by exploiting a DeFi platform named Beanstalk.

Top Breaches Reported in the Last 24 Hours

GitHub reveals a security breach

GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. The stolen OAuth tokens were linked to two OAuth integrators, Heroku and Travis-CI. The first intrusion was detected on April 12 after the company’s security team identified unauthorized access to its npm production infrastructure using a compromised AWS API key.

Beanstalk Farms loses $182 million

Beanstalk Farms, an Ethereum-based stablecoin protocol, suffered a loss of around $182 million following a cyberattack. The attackers got away with around $80 million of crypto tokens by executing a flash loan on the lending platform Aave, which was used to amass a large amount of Beanstalk’s native governance token, Stalk.

Top Malware Reported in the Last 24 Hours

Recent Emotet attack trends

Researchers observed that the recent Emotet outbreak is being spread through various malicious Microsoft Office files that come attached with phishing emails. The emails include ‘Re:’ or ‘Fe:’ in the subject line. The attached Excel files and Word documents contain the ‘Enable Content’ button that, if clicked, causes the download of malicious macros.

Top Vulnerabilities Reported in the Last 24 Hours

CISA adds new flaws to its list

CISA added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. While the privilege escalation flaw affects VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, the type confusion issue affects the V8 JavaScript engine.

New Threat in Spotlight

Karakurt linked to Conti hacking group

Security researchers have found a connection between Conti ransomware and the recently emerged Karakurt data extortion group. The intelligence team has managed to connect the dots by obtaining remote access to multiple servers that are actively being used as C2 communication systems by threat actors. Since its inception in December 2021, the Karakurt group has claimed more than 40 victims across the globe.

Industrial Spy marketplace launched

Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies. While the premium stolen datasets are priced at millions of dollars, lower-tier data are sold for as little as $2. The marketplace also offers free stolen data packs in a bid to attract more threat actors to use the site.
