Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Jun 22, 2022

Critical zero-days have been reported in Adobe Illustrator, with four of them associated with memory leaks and one with arbitrary code execution. In another update, Taiwanese hardware vendor QNAP has requested its customers’ attention to another RCE flaw that affects a wide range of devices.

Russia-backed state actors have launched another attack campaign toward Ukraine through maldocs weaponized with the Follina exploit. With this, the group attempted to target U.S. politicians and organizations, including nuclear facilities.

Top Malware Reported in the Last 24 Hours

Rig Exploit Kit changes payload

Bitdefender observed the operators of the Rig Exploit Kit dropping the Dridex banking trojan, replacing the Raccoon Stealer malware as it isn’t active anymore. Hackers have been targeting cryptocurrency apps, notable web browsers, and popular email clients. Researchers suggested that the agility of the Rig Exploit Kit allows threat actors to rapidly substitute payloads in case of detection or compromise.

Crypto-supporting browsers targeted

A PowerShell script was found targeting cryptocurrency-related browser apps or extensions, including Chrome, Brave, and Edge. Hackers can replace a wallet address with their own to fraudulently obtain the currency. The C2 communications are allegedly taking place via a newly registered domain: wmail-endpoint[.]com.

New stalker variant used against Ukraine

Malwarebytes Threat Intelligence and CERT-UA highlighted a cyberattack by Russian threat actor APT28 that weaponized the Follina exploit—through maldocs—to execute a new .Net stealer on the systems of Ukrainian organizations. The maldoc’s filename, Nuclear Terrorism A Very Real Threat.rtf, attempts to bait fearful victims in the country.

Top Vulnerabilities Reported in the Last 24 Hours

Critical RCE flaw in QNAP

QNAP is alerting its customers about an RCE flaw affecting most of its Network Attached Storage devices. The bug, identified as CVE-2019-11043, is a three-year-old critical PHP flaw affecting PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. While it was fixed for some OS devices but the devices still impacted are QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later.

Five Zero-day in Adobe Illustrator

Fortinet discovered five zero-day critical or important vulnerabilities across two Adobe Illustrator plugins. These are tracked as CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669. According to researchers, the noted vulnerabilities lead to arbitrary code execution or memory leak.

Top Scams Reported in the Last 24 Hours

Scammers profiting despite crypto fall

Many crypto users and investors in India continue to fall for high-profile scams related to cryptocurrencies and crypto-trading. CloudSEK researchers revealed that the CoinEgg scam has caused losses of over $128 million via phishing domains and Android-based fake crypto applications. CoinEgg is actually a legitimate U.K-based cryptocurrency trading platform.

Related Threat Briefings