Cyware Daily Threat Intelligence
Daily Threat Briefing • Apr 27, 2022
Persistent attacks from Emotet are getting on everyone’s nerves. The threat actors are back in business after a short break to spam more victims with malicious emails containing invoices, forms, or payment details. Moreover, Avast’s telemetry revealed an uptick in Emotet attacks against Japanese companies.
There’s a new update about the prolific Lazarus group, which used new malware to infect over 40 companies and institutions worldwide. Meanwhile, the Linux operating system is actively under attack as threat actors exploit the previously disclosed Dirty Pipe flaw. Adding to the trouble, researchers have uncovered a new set of flaws, collectively referred to as Nimbuspwn, affecting the OS.
Top Breaches Reported in the Last 24 Hours
Coca-Cola investigating an attack
Coca-Cola is investigating a ransomware attack after hackers claimed to steal documents from the beverage giant. The Stormous ransomware group took to underground forums to claim the attack by putting 161 GB of stolen data on sale. The group is offering the stolen data for about $64,000.
Bored Ape Yacht Club hacked
The Instagram account and Discord server of Bored Ape Yacht Club were hacked by cybercriminals, enabling them to compromise multiple user wallets. The attackers leveraged an upcoming feature, OthersideMeta, on the NFT project to steal 24 Bored Apes and 30 Mutant Apes (estimated to be worth $13.7 million).
ADA firm hit by Black Basta ransomware
The American Dental Association (ADA) was hit by a cyberattack that disrupted its network operations. The attack was launched by a new ransomware group called Black Basta. Following the attack, the firm was forced to take affected systems offline, which included online services, telephones, email, and webchat.
Top Malware Reported in the Last 24 Hours
Lazarus drops new malware
Researchers have associated SCSKAppLink.dll malware with the Lazarus group. The group exploited an executable (inisafecrosswebexsvc.exe) of INISAFE CrossWeb EXV3 to distribute the malware. So far, the malware has infected 47 companies and institutions worldwide.
Emotet fixes a bug to infect users
Emotet operators resumed their email spam campaign after a short break to infect more users. The operators fixed a flaw in the campaign that prevented them from spreading across the systems. In related news, Avast found that Japanese companies suffered major Emotet spam mail attacks in March. The malicious Excel files attempted to deceive users into running a malicious macro under the pretext of unlocking the document.
Top Vulnerabilities Reported in the Last 24 Hours
New Nimbuspwn vulnerability
Microsoft discovered two new security vulnerabilities that can be used to gain root privileges on Linux systems. Collectively called Nimbuspwn, the flaws are tracked as CVE-2022-29799 and CVE-2022-29800 and reside in a system component named networkd-dispatcher.
Ever Surf wallet vulnerability
A vulnerability discovered in the web version of the Ever Surf cryptocurrency wallet can be exploited to decrypt PINs, recover decryption keys, and take over web wallets. Ever Surf has confirmed the issue and released patches.
Chrome 101 patches 30 flaws
Google has released a stable version of Chrome 101 with patches for 30 vulnerabilities. Five of these are use-after-free flaws. One of them (tracked as CVE-2022-1477) affects the 3D graphics and computing open standard Vulkan.
GitHub fixes Package Planting bug
GitHub fixed a security issue in the npm platform that could have allowed threat actors to distribute malicious packages. Described as package planting, the flaw can be exploited by passing off a malicious package as a legitimate one.
Update on Log4Shell
Millions of Java applications are still vulnerable to the Log4Shell attack four months after the disclosure of the vulnerability. Some of these apps have reached the end of life and remain unpatched by their respective organizations.