Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 7, 2022

A ransomware gang has reportedly signed a pact with the Qakbot (QBot) team. Researchers say the gang will use QBot not to gain initial access but to spread laterally across the targeted network.

Furthermore, researchers warned of spam campaigns involving an early-stage malware named SVCReady. The malware is unique in how it hides shellcode in the document properties. Another update comes from Google, which addressed several high- to critical-severity security vulnerabilities affecting Android.

Top Breaches Reported in the Last 24 Hours

Personal data of U.S. students leaked

SafetyDetectives discovered a 5GB database exposing the personal information of over 30,000 students, the majority of them U.S. individuals. The unprotected database apparently belongs to account holders of Transact Campus, which works with higher education institutions in the U.S.

An Italian city targeted

A major cyberattack crippled the systems of the municipality of Palermo in Southern Italy. Not only citizens but also tourists were impacted by this breach. Media outlets revealed that the government’s public video surveillance management, the municipal police operations center, and all of the municipality’s services briefly felt the jolt.

Top Malware Reported in the Last 24 Hours

Black Basta teams up with QBot

The Black Basta ransomware group is now working with the operators of QBot, a banking trojan active since 2007, according to NCC Group. This will help the ransomware actors propagate laterally across compromised business networks and systems. The trojan has previously partnered with the MegaCortex, DoppelPaymer, ProLock, and Egregor ransomware groups.

New malware with big aspirations

A phishing campaign was observed deploying a new malware dubbed SVCReady. Its infection chain begins with Microsoft maldocs containing VBA macros being sent to targets via email. According to the report, the malware has an unusual way of entering targeted systems: it uses shellcode hidden in the properties of the Microsoft documents. Researchers suspect that the threat group TA551 could be involved in this operation.

Top Vulnerabilities Reported in the Last 24 Hours

Android Security Bulletin is here

Google released details of the 40 Android flaws it addressed in the June 2022 security updates, with several rated as critical. The most severe of them, tracked as CVE-2022-20127, affects the System component and could lead to RCE attacks.

Additionally, there were two more critical-severity vulnerabilities in the System component that hackers can abuse for privilege escalation.