
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 22, 2022

Multiple high-severity vulnerabilities found in Atlassian products are posing a major risk to its customers and partners. The bugs are being abused in the wild; meanwhile, the firm has provided methods for companies to identify flaws in their systems. In other news, a hacker group known as TA4563 has been observed using EvilNum malware in its attacks to target foreign exchanges, cryptocurrency, and DeFi firms in Europe.

Additionally, some of the top art organizations in Western Australia appear to have had client data compromised. The breach, which appears minor, may have exposed some personal data of the clients.

Top Breaches Reported in the Last 24 Hours

Ukrainian radio operator attacked

TAVR Media, which oversees nine major radio stations in Ukraine, fell victim to a cyberattack. Attackers leveraged the opportunity to broadcast a fake message that President Volodymyr Zelenskyy was in a critical health condition and that his duties were being performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk.

Art organizations suffer breaches

Some of the largest arts organizations in Western Australia, including the Black Swan State Theater Company, Perth Festival, the WA Ballet, and the WA Opera, have suffered a major breach. The incident exposed the personal information of their clients. A clarification from officials said no sensitive personal information, such as credit card numbers or government identification numbers, was exposed.

Top Malware Reported in the Last 24 Hours

Europe’s financial sector

Threat group TA4563 continues to target European financial and investment entities, including the DeFi market. In its latest attack campaign, Proofpoint found the use of the EvilNum backdoor, which allows an unauthorized third party to access data, make way for additional payloads, and implement components to evade detection.

Top Vulnerabilities Reported in the Last 24 Hours

Chrome zero-day flaw exploited

Hackers are deploying the DevilsTongue spyware, the brainchild of Israeli surveillance firm Candiru, in Lebanon and other regions to target journalists. They exploited the recently fixed Chrome zero-day (CVE-2022-2294), a heap buffer overflow in the Web Real-Time Communications (WebRTC) component. Earlier this month, it was used to target journalists in the Middle East.

Atlassian highlights new critical bugs

Atlassian has warned customers and partners against new critical vulnerabilities being exploited in the wild. The three vulnerabilities in question affect Confluence Server, Confluence Data Center, as well as several other products like BitBucket, Bamboo, Fisheye, and Jira. The bugs are tracked as CVE-2022-26136, CVE-2022-26137, and CVE-2022-26138.

Top Scams Reported in the Last 24 Hours

Hackers impersonate Norton in invoices

Scammers were found spoofing the Norton brand in a new campaign that uses PayPal to send out fake invoices. The contact detail provided in the invoice is that of the scammers. An Avanan researcher has dubbed such campaigns ‘double spear’, wherein the scammers not only obtain money but also harvest user information that can be used in future attacks.
