Cyware Weekly Threat Intelligence, June 13 - 17, 2022

Weekly Threat Briefing • June 17, 2022
Weekly Threat Briefing • June 17, 2022
A good cybersecurity model helps government and private organizations stay ahead of cyberattacks. Taking an initiative in this aspect, the Coalition to Reduce Cyber Risk (CR2) has collaborated with 37 tech leaders to sign a pledge that aims at improving cybersecurity standards. In parallel, the CISA has announced that the Cybersecurity Maturity Model Certification (CMMC) 2.0 is in the process of making and will be launched in 2023.
The recently discovered Atlassian Confluence flaw remains under attack. Reports suggest that ransomware groups have jumped on the bandwagon to exploit the flaw and launch widespread attacks. Meanwhile, the Sandworm APT used the Follina vulnerability as an attack vector to infiltrate the networks of multiple media organizations in Ukraine. The Monkeypox outbreak has caught the attention of phishers and is now being used as a lure in phishing campaigns.
A new threat to the security of cryptographic software has come to the notice of researchers. Called Hertzbleed, the attack can enable attackers to steal full cryptographic keys by exploiting flaws in modern Intel and AMD processors. There is also an update on the recent activities of the BlackCat RaaS operation. Microsoft revealed that several cybercrime gangs such as DEV-0237 and DEV-0504 have been hiring the ransomware service to launch attacks. Additionally, the BlackCat group has taken its extortion tactic to a new level to put more pressure on victims. A new phishing tool capable of spoofing Microsoft Office and Google is also gaining traction among cybercriminals.