Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 6, 2022
Security experts are urging customers to apply patches as they raise the alarm about the wide exploitation of newly discovered flaws affecting Microsoft Office and Atlassian Confluence servers. While the flaw impacting a Windows support diagnostic tool was leveraged in a new set of attacks aimed at government entities in Europe and the U.S., the critical flaw affecting Confluence servers was being exploited in multiple botnet and malware campaigns.
In other developments, the DeadBolt ransomware has evolved its extortion scheme as it continues to target NAS devices from QNAP and Asustor. It is putting pressure on vendors to pay ransom for a master decryption key that would theoretically work for all victims.
Bored Ape Yacht Club hacked again
Malicious hackers have again managed to steal 32 NFTs (worth more than $250,000) from Bored Ape Yacht Club (BAYC) by compromising the Discord account of one of its community managers. The threat actors used this compromised account to send a phishing link, which was later used to gain access to BAYC owners’ cryptocurrency wallets. The NFTs compromised in the hack include 1 Bored Ape, 2 Mutant Apes, 5 Otherdeeds, and 1 Bored Kennel.
Russian Ministry website hacked
The website of Russia’s Ministry of Construction, Housing and Utilities has reportedly been hacked and defaced with a message that reads ‘Glory to Ukraine’. A ministry representative revealed that the site was down but users’ personal information remains unaffected.
Gloucester City Council struggles
Gloucester City Council is still struggling to cope with the ransomware attack that affected its IT systems in December 2021. The attack occurred after hackers exploited third-party systems and, reportedly, encrypted files.
DeadBolt actively targets QNAP devices
In a new finding, Trend Micro has revealed a new set of attacks by DeadBolt ransomware. Researchers found that the ransomware has been targeting NAS devices using QTS 4.3.6 and QTS 4.4.1. After encrypting files, the ransomware offers two different payment schemes: either a victim pays for a decryption key or the vendor pays for a master decryption key that would decrypt data for all victims.
Wild exploitation of Follina vulnerability
Researchers from Proofpoint disclosed blocking a new set of attack attempts that exploited the newly found Microsoft Office Follina vulnerability. The attacks were aimed at government entities in Europe and the U.S. and were conducted via phishing emails. Tracked as CVE-2022-30190, the flaw has a CVSS score of 7.8.
PoC for Atlassian Confluence flaw released
PoC exploits for the actively exploited critical vulnerability impacting Atlassian Confluence and Data Center servers have been publicly released this weekend. This comes just after the firm announced the release of patches for the vulnerability. The flaw, tracked as CVE-2022-26134, can be exploited for remote code execution.
Flaws in U-Boot loader
Two critical vulnerabilities discovered in the U-Boot loader could be exploited to write arbitrary data and gain root access to Linux-based embedded systems. One of these is tracked as CVE-2022-30790 and has a CVSS score of 9.1. The other is described as a buffer overflow vulnerability (CVE-2022-30552) that can lead to DoS attacks.