Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 25, 2022

Ransomware attacks are piling pressure on organizations as threat actors evolve their attack processes. In a new finding, researchers have revealed that the operators behind the Quantum ransomware are leveraging IcedID malware to accelerate the attack process. This leaves defenders little time to identify and thwart such attacks.

In other news, infostealer malware families are gaining traction in underground forums as cybercriminals add new malware to the list. Named Prynt Stealer, the malware is capable of harvesting data from a wide range of applications, such as cryptocurrency wallets, messaging platforms, and gaming apps.

Top Breaches Reported in the Last 24 Hours

Phishing against Ukrainian organizations

The CERT-UA has sent out a new alert about phishing attacks targeting organizations in Ukraine. The phishing messages use the subject ‘Azovstal’ and a weaponized Microsoft Office document to unleash Cobalt Strike Beacon in the last stage of the infection chain. The encryption techniques employed in the campaign are associated with TrickBot operators.

T-Mobile confirms attacks

T-Mobile acknowledged that the security of its systems was compromised after the Lapsus$ gang gained access to its networks. The attackers accessed internal networks using stolen credentials. This enabled the hackers to obtain over 30,000 source code repositories, as well as the key to an internal customer account management application called Atlas.

Top Malware Reported in the Last 24 Hours

Quantum ransomware’s speedy attacks

In a new finding, researchers discovered that threat actors behind the Quantum ransomware are leveraging IcedID malware as one of their initial access vectors to accelerate the attack process, which lasted only 3 hours and 44 minutes.

New Prynt Stealer malware

The newly found Prynt Stealer malware is being offered for sale on underground forums for a small price. The malware is capable of harvesting data from a wide range of applications, such as cryptocurrency wallets, messaging platforms, and gaming apps. It can also perform direct financial compromise.

Top Vulnerabilities Reported in the Last 24 Hours

Atlassian patches a critical flaw

Last week, Atlassian announced patches for a critical authentication bypass vulnerability in Jira. The flaw, identified as CVE-2022-0540, can be exploited by sending a specially crafted HTTP request. The fixes are included in versions 8.13.18, 8.20.6, and 8.22.0 or newer.
