We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Jun 6, 2022

Security experts are urging customers to apply patches as they raise alarm about the wide exploitation of newly discovered flaws affecting Microsoft Office and Atlassian Confluence servers. While the flaw impacting a Windows support diagnostic tool was leveraged in a new set of attacks aimed at government entities in Europe and the U.S, the critical flaw affecting Confluence servers was being exploited in multiple botnet and malware campaigns.

In other developments, the DeadBolt ransomware has evolved its extortion scheme as it continues to target NAS devices from QNAP and Asustor. It is putting pressure on vendors to pay ransom for a master decryption key that would theoretically work for all victims.

Top Breaches Reported in the Last 24 Hours

Bored Ape Yacht Club hacked again

Malicious hackers have again managed to steal 32 NFTs (worth more than $250,000) from Bored Ape Yacht Club (BAYC) by compromising the Discord account of one of its community managers. The threat actors used this compromised account to send a phishing link, which was later used to gain access to BAYC owners’ cryptocurrency wallets. Among the NFTs compromised in the hack include 1 Bored Ape, 2 Mutant Apes, 5 Otherdeeds, and 1 Bored Kennel.

Russian Ministry website hacked

The website of Russia’s Ministry of Construction, Housing and Utilities has been reportedly hacked and defaced with a message that reads ‘Glory to Ukraine’. A ministry representative revealed that the site was down but users’ personal information remains unaffected.

**Gloucester City Council struggles **

Gloucester City Council is still struggling to cope with the ransomware attack that affected its IT systems in December 2021. The attack occurred after hackers exploited third-party systems and, reportedly, encrypted files.

Top Malware Reported in the Last 24 Hours

DeadBolt actively targets QNAP devices

In a new finding, Trend Micro has revealed a new set of attacks by DeadBolt ransomware. Researchers found that the ransomware has been targeting NAS devices using QTS 4.3.6 and QTS 4.4.1. After encrypting files, the ransomware offers two different payment schemes: either a victim pays for a decryption key or the vendor pays for a master decryption key that would decrypt data for all victims.

Top Vulnerabilities Reported in the Last 24 Hours

Wild exploitation of Follina vulnerability

Researchers from Proofpoint disclosed blocking a new set of attack attempts that exploited the newly found Microsoft Office Follina vulnerability. The attacks were aimed at government entities in Europe and the U.S. and were conducted via phishing emails. Tracked as CVE-2022-30190, the flaw has a CVSS score of 7.8.

PoC for Atlassian Confluence flaw released

PoC exploits for the actively exploited critical vulnerability impacting Atlassian Confluence and Data Center servers have been publicly released this weekend. This comes just after the firm announced the release of patches for the vulnerability. The flaw, tracked as CVE-2022-26134, can be exploited for remote code execution.

Flaws in U-Boot loader

Two critical vulnerabilities discovered in the U-Boot loader could be exploited to write arbitrary data and gain root access to Linux-based embedded systems. One of these is tracked as CVE-2022-30790 and has a CVSS score of 9.1. The other is described as a buffer overflow vulnerability (CVE-2022-30552) that can lead to DoS attacks.

Related Threat Briefings