
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 26, 2022

Emotet is making a strong comeback. The trojan has teamed up with Conti ransomware to support a range of malicious operations: researchers found that over a dozen organizations attacked by Conti in the last three months had first been hit by Emotet malspam campaigns. In parallel, Emotet is testing new delivery techniques to get around Microsoft's default disabling of VBA macros across its products.

Meanwhile, seven widely exploited vulnerabilities have drawn the attention of the CISA, which urged federal agencies to apply the required patches as soon as possible. Among them is a remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager that is being actively exploited by the Rocket Kitten threat actor group.

Top Breaches Reported in the Last 24 Hours

GHT Coeur Grand Est targeted

GHT Coeur Grand Est was hit by a cyberattack that affected its hospital centers in Vitry-le-François and Saint-Dizier. The incident was discovered on April 19. The hospital group stated that the attackers managed to copy essential administrative data, which might be used for phishing in the future.

Top Malware Reported in the Last 24 Hours

Conti-Emotet join hands

The Emotet trojan has teamed up with Conti ransomware to support a range of malicious operations. Over a dozen entities targeted by Conti ransomware between December 2021 and March 2022 had first been compromised through Emotet malspam campaigns. It is likely that Conti operators rely heavily on Emotet to find victims.

Emotet evolves its techniques

Emotet is testing new attack methods on a small scale now that Microsoft has disabled VBA macros by default across its products. The new email campaign analyzed by researchers uses salary-themed lures and OneDrive URLs hosting ZIP archives that contain Microsoft Excel Add-in (XLL) files.
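A defender-side check for the delivery chain described above: inspect a downloaded ZIP archive for Excel Add-in members before it reaches a user. This is an added example, not code from the original briefing or from any named vendor; the function names, the `.xll` policy list, and the in-memory sample archive are all constructed assumptions.

```python
import io
import posixpath
import zipfile

# Hypothetical policy list: extensions a mail or web gateway treats as add-in payloads.
# Only .xll is listed because a genuine XLL is a native PE DLL, which is what the
# 'MZ' header check below verifies; other Office add-in formats are not PE files.
SUSPICIOUS_EXTENSIONS = {".xll"}


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed test fixture: an in-memory ZIP holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def find_xll_members(zip_bytes: bytes) -> list[dict]:
    """Return one record per archive member that looks like an Excel Add-in.

    Matching is by last extension, case-insensitive, so 'Payroll.XLL' and
    'docs/Salary_Q1.xll' are both flagged. Each record notes whether the member
    starts with the PE 'MZ' header that a real XLL carries.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext not in SUSPICIOUS_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            findings.append({
                "member": info.filename,
                "extension": ext,
                "is_pe": head == b"MZ",
                "size": info.file_size,
            })
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """Policy decision: hold any archive that carries an XLL member."""
    return bool(find_xll_members(zip_bytes))
```

The `is_pe` flag separates a real add-in DLL from a mislabelled file so an analyst can prioritise, while the quarantine decision deliberately fires on the extension alone.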

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched VMware flaw exploited

Iranian-linked threat actor group, Rocket Kitten, has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954, the remote code execution vulnerability affects VMware Workspace ONE Access and Identity Manager.

Wide exploitation of WSO2 vulnerability

Organizations are warned of attacks stemming from the exploitation of a WSO2 vulnerability. The flaw, tracked as CVE-2022-29464, impacts WSO2's API Manager, Identity Server, Enterprise Integrator, and Open Banking products. Additionally, the CISA has added the flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to install the available patches by May 16.

CISA adds seven vulnerabilities

The CISA has added seven new vulnerabilities to its list of actively exploited security issues, including flaws in Microsoft, Linux, and Jenkins products. The vulnerabilities can allow threat actors to perform a variety of attacks, including stealing credentials, gaining access to networks, remotely executing commands, or stealing information from devices.
