Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 29, 2022

The lesser-known Stonefly APT has partnered with the Lazarus group to stir the infamous ‘Operation Dream Job’ campaign. Researchers claim that the North Korea-based hacking group is exploiting the Log4Shell vulnerability to mount espionage attacks against highly specialized engineering companies and steal their sensitive intellectual property. Meanwhile, a new malware dubbed BrownFlood has surfaced targeting at least 36 Ukrainian websites in an ongoing DDoS attack spree.

In other news, Cisco and QNAP have urged organizations to apply security patches for critical vulnerabilities affecting their products.

Top Breaches Reported in the Last 24 Hours

Deus Finance confirms hack

Decentralized finance platform Deus Finance confirmed reports of a hack that allowed the attackers to steal more than $13 million from the platform. A variant of a flash loan attack was used to pilfer funds from users’ wallets.

Ongoing DDoS attacks

CERT-UA has published a warning of ongoing DDoS attacks against pro-Ukraine sites and government web portals. Threat actors are compromising WordPress sites and injecting malicious JavaScript code, named BrownFlood, to perform the attacks. At least 36 websites have, so far, been targeted in the attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches 11 flaws

Cisco announced the release of security patches for 11 high-severity vulnerabilities affecting its Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). The most severe of these is tracked as CVE-2022-20746 and can be exploited by sending a crafted stream of TCP traffic through an affected device.

Microsoft patches a flaw in Azure PostgreSQL

Microsoft has patched a security weakness in Azure PostgreSQL which could have been exploited to execute malicious code. Described as a cross-account database vulnerability, the flaw can be exploited to gain read access to PostgreSQL databases without authorization. Microsoft has confirmed that there is no evidence of exploitation of the flaw in the wild.

Vulnerabilities affecting Netatalk

Users of Synology and QNAP NAS devices were advised by the vendors to patch several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol (AFP). The flaws in question are CVE-2022-0194, CVE-2022-23122, CVE-2022-23125, CVE-2022-23123, CVE-2022-23124, CVE-2022-23121, and CVE-2021-31439. They have been patched in Netatalk v3.1.1.

Top Scams Reported in the Last 24 Hours

Phishers hijack Facebook user profiles

Researchers uncovered multiple Facebook pages claiming to be account recovery service pages. The hijacked pages belonged to musicians, products, and businesses. Once the phishers took over a page, they changed its name, profile picture, and other identifying details to make it look like a support page.
