
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 20, 2022

The Russia-linked Gamaredon APT group has been more active and aggressive in the past two months than ever before, according to Symantec researchers, who have revealed four distinct variants of the Pteredo backdoor malware. Collectively tracked as Pteranodon, these variants are currently being used against organizations in Ukraine. Separately, scammers are also targeting Ukrainians in an ongoing campaign that redirects them to fake donation sites and phishing pages.

Meanwhile, the Spring4Shell vulnerability continues to haunt organizations that have failed to patch it. Around 700 attempts to exploit the flaw were observed in the first twelve days of April. Most of these were aimed at deploying cryptocurrency miners.

Top Breaches Reported in the Last 24 Hours

Kansas City experiences a cyberattack

The Unified Government (UG) of Wyandotte County and Kansas City experienced a cyberattack at its data centers. According to the UG, it is working with the U.S. Department of Homeland Security, FBI, and Mid-America Regional Council cybersecurity task force to restore data services. It is yet to be determined if any data was compromised.

Top Malware Reported in the Last 24 Hours

New variants of Pteredo backdoor

The Russian state-sponsored threat actor group known as Gamaredon has been found targeting Ukrainians with four new variants of the Pteredo backdoor, also tracked as Pteranodon. All four variants were observed using obfuscated VBS droppers that add Scheduled Tasks and then fetch additional modules from the C2 server. The Pteredo backdoor is still under active development.
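The dropper chain described above (a script host running a VBS file, a Scheduled Task registered from that script host, and the scheduled script later reaching out to fetch more code) is the kind of behaviour endpoint telemetry can surface without any sample-specific indicator. The following is an added detection example, not code from Symantec or Cyware: it runs four heuristics over constructed, Sysmon-like JSON events (event_id 1 = process create, event_id 3 = network connection). All file names, task names, PIDs and the 203.0.113.x addresses are placeholders made up for this example.

```python
"""Heuristic detection of a VBS dropper that persists via a Scheduled Task
and later fetches modules over the network. Events are constructed for this
example in a simplified Sysmon-like JSON-lines shape; they are not real
telemetry and carry no real indicators."""
import json
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample events; paths, task names and the 203.0.113.x addresses
# (an RFC 5737 documentation range) are placeholders.
SAMPLE_EVENTS = [
    # User opens an attachment: a script host starts under explorer.exe.
    {"event_id": 1, "pid": 4001, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"wscript.exe //e:vbscript C:\Users\u\AppData\Local\Temp\invoice.vbs"},
    # The script registers a task whose action runs another VBS every 10 minutes.
    {"event_id": 1, "pid": 4002, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'schtasks.exe /create /sc minute /mo 10 /tn "Updater" /tr "wscript.exe C:\Users\u\AppData\Roaming\upd.vbs" /f'},
    # Benign: an administrator queries a task from cmd.exe.
    {"event_id": 1, "pid": 4003, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'schtasks.exe /query /tn "Updater"'},
    # Task Scheduler (hosted in svchost.exe) fires the task: a script host starts.
    {"event_id": 1, "pid": 4004, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"wscript.exe C:\Users\u\AppData\Roaming\upd.vbs"},
    # The scheduled script connects out to fetch additional modules.
    {"event_id": 3, "pid": 4004, "image": r"C:\Windows\System32\wscript.exe",
     "dest_ip": "203.0.113.10", "dest_port": 443},
    # Benign: a task created from cmd.exe whose action is a normal executable.
    {"event_id": 1, "pid": 4005, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'schtasks.exe /create /sc daily /tn "Backup" /tr "C:\Tools\backup.exe"'},
    # Benign: a browser making a network connection.
    {"event_id": 3, "pid": 4006, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_ip": "203.0.113.20", "dest_port": 443},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('' if the path is empty)."""
    return PureWindowsPath(path).name.lower() if path else ""


def task_action(command_line: str) -> str:
    """Extract the /tr (task run) argument of a schtasks command line."""
    m = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', command_line)
    return (m.group(1) or m.group(2) or "") if m else ""


def analyse(log_text: str) -> list:
    """Run the four heuristics over JSON-lines events and return alerts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        image = basename(ev["image"])
        if ev["event_id"] == 1:
            parent = basename(ev.get("parent_image", ""))
            cmd = ev.get("command_line", "").lower()
            if image == "schtasks.exe" and "/create" in cmd:
                # Rule 1: a script host is registering a scheduled task.
                if parent in SCRIPT_HOSTS:
                    alerts.append({"rule": "script_host_creates_task", "pid": ev["pid"]})
                # Rule 2: the task's own action runs a script host or a .vbs file.
                action = task_action(cmd)
                first = basename(action.split()[0]) if action.split() else ""
                if first in SCRIPT_HOSTS or ".vbs" in action:
                    alerts.append({"rule": "task_action_runs_script", "pid": ev["pid"]})
            # Rule 3: a script host started by svchost.exe, which hosts the
            # Task Scheduler service (heuristic: svchost hosts many services).
            elif image in SCRIPT_HOSTS and parent == "svchost.exe":
                alerts.append({"rule": "scheduled_script_host_start", "pid": ev["pid"]})
        elif ev["event_id"] == 3 and image in SCRIPT_HOSTS:
            # Rule 4: a script host opening a network connection (module fetch).
            alerts.append({"rule": "script_host_network_connection", "pid": ev["pid"],
                           "dest": f'{ev["dest_ip"]}:{ev["dest_port"]}'})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Rules 1 and 2 fire on the same `schtasks` event here, which is the strongest signal; rules 3 and 4 on their own will also match legitimate administrative scripts, so in practice they are best correlated with a preceding rule 1/2 hit on the same host rather than alerted on individually.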

Top Vulnerabilities Reported in the Last 24 Hours

CISA updates its exploited vulnerabilities catalog

CISA added three new widely exploited flaws to its Known Exploited Vulnerabilities Catalog recently. The flaws are a Windows Print Spooler vulnerability (CVE-2022-22718), a cross-site scripting vulnerability in Zimbra (CVE-2018-6882), and a buffer overflow flaw in WhatsApp VOIP (CVE-2019-3568).
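CISA publishes the Known Exploited Vulnerabilities catalog as a JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) with a remediation due date per entry, so a catalog update is most useful when it is cross-checked against an asset inventory automatically. The example below is added here and is not CISA's or Cyware's code: it parses a catalog excerpt constructed in the feed's field layout (the three CVE ids are the ones named above; `dateAdded`, `dueDate`, the descriptions and the inventory are made up for this example) and reports which hosts carry a cataloged CVE and whether its due date has passed.

```python
"""Cross-check a scanner inventory against a CISA KEV catalog excerpt.
The catalog JSON and the inventory below are constructed for this example;
field names follow CISA's published feed, dates and hosts are invented."""
import json
from datetime import date

# Constructed catalog excerpt in the KEV feed layout (dates are invented).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "example-version",
    "dateReleased": "2022-04-19T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2022-22718", "vendorProject": "Microsoft",
         "product": "Windows Print Spooler",
         "vulnerabilityName": "Windows Print Spooler vulnerability (constructed wording)",
         "dateAdded": "2022-04-19", "shortDescription": "constructed",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-05-10", "notes": ""},
        {"cveID": "CVE-2018-6882", "vendorProject": "Zimbra",
         "product": "Zimbra Collaboration Suite",
         "vulnerabilityName": "Zimbra cross-site scripting vulnerability (constructed wording)",
         "dateAdded": "2022-04-19", "shortDescription": "constructed",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-05-10", "notes": ""},
        {"cveID": "CVE-2019-3568", "vendorProject": "WhatsApp",
         "product": "WhatsApp VOIP",
         "vulnerabilityName": "WhatsApp VOIP buffer overflow vulnerability (constructed wording)",
         "dateAdded": "2022-04-19", "shortDescription": "constructed",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-05-10", "notes": ""},
    ],
})

# Constructed scanner output: host -> CVE ids found on it.
# CVE-0000-0000 is a placeholder id that is not in the catalog.
SAMPLE_INVENTORY = {
    "print-srv-01": ["CVE-2022-22718", "CVE-0000-0000"],
    "mail-gw-02": ["CVE-2018-6882"],
    "laptop-17": ["CVE-2019-3568"],
    "db-03": [],
}


def kev_exposure(kev_json: str, inventory: dict, today: date) -> list:
    """Return one finding per (host, cataloged CVE), earliest due date first."""
    catalog = {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = catalog.get(cve)
            if entry is None:
                continue  # not in KEV: still a vulnerability, just not in this report
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host,
                "cve": cve,
                "product": entry["product"],
                "required_action": entry["requiredAction"],
                "due": due.isoformat(),
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (f["due"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in kev_exposure(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, date.today()):
        print(finding)
```

In production the catalog is fetched from the URL above and the inventory comes from the vulnerability scanner; the matching logic stays the same, and the `overdue` flag is what turns a catalog update into a ticket with a deadline.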

Google’s update on zero-day flaws

In a new report, Google revealed that it spotted a record 58 zero-day vulnerabilities exploited in the wild in 2021. Seventeen of these were use-after-free vulnerabilities, six were out-of-bounds read and write flaws, four were buffer overflows, and four were integer overflow vulnerabilities.

A rise in the exploitation of the Spring4Shell flaw

At least 700 attempts to exploit the Spring4Shell vulnerability have been observed between April 1 and April 12, with a peak of nearly 3,000 exploitation attempts occurring on April 3. Some of these exploitation attempts were aimed at deploying cryptocurrency miners.

Four flaws fixed in AWS

Amazon has released emergency patches following the discovery of serious security flaws existing in the patches issued for the Log4Shell vulnerability. The patches cover a wide range of cloud environments such as Kubernetes clusters, Elastic Container Services (ECS) clusters, and Fargate.

Top Scams Reported in the Last 24 Hours

Fake donation scam

Scammers are taking advantage of the ongoing geopolitical war to deceive Ukrainians, as well as people from other nations, into sending donations to the wrong recipients. The scams are being carried out through fake donation sites, fake Red Cross portals, and social media. In one such instance, a scammer known as @Xenta777 on Twitter asked people to make donations purportedly for military equipment.
