Go to listing page

Cyware Daily Threat Intelligence, April 13, 2022

Cyware Daily Threat Intelligence, April 13, 2022

Share Blog Post

It’s raining patches! Microsoft has rolled out security updates for a whopping 128 new vulnerabilities, including two zero-day flaws, this month. Adobe has dealt with over 70 security vulnerabilities that could be exploited to cause major damage. Industrial giants Siemens and Schneider Electric have addressed more than two dozen vulnerabilities found across their products.

In separate news, Mirai and Gafgyt have got a new sibling named Enemybot. The botnet has targeted a wide range of routers from Seowon Intech and D-Link. The infamous Hafnium threat actors are also back in the news for using a new defense evasion malware called Tarrask.

Top Breaches Reported in the Last 24 Hours


U.S. government agency targeted
LockBit ransomware group managed to maintain its persistence on a regional U.S. government agency for at least five months. However, logs retrieved from the compromised machines showed that two threat groups were engaged in reconnaissance and remote access operations. The toolset included utilities for brute-force attacks, scanning, and command execution.

Top Malware Reported in the Last 24 Hours


New Tarrask malware
Microsoft has uncovered a new campaign associated with the Chinese-backed Hafnium hacking group. The campaign leverages an unpatched zero-day in Windows task scheduling to deploy a new malware named Tarrask. The malware successfully evades detection by deleting the Security Descriptor registry value associated with its hidden scheduled tasks.

New Remcos RAT campaign
Security researchers detected a new Remcos RAT campaign that targeted the African banking sector. Threat actors attempted to deliver the malware using the HTML smuggling technique. The phishing emails purported to be from a recruiter from another African bank with information about job opportunities.

New Enemybot botnet
A new Enemybot botnet, which was first discovered in March, borrows modules from both Mirai and Gafgyt botnets. It was recently observed targeting routers from Seowon Intech, D-Link, Netgear, and Zhone. The threat actors behind the botnet employ brute-force attacks and exploit tools to compromise devices.

Emotet upgraded
The notorious Emotet trojan has been upgraded with 16 additional modules. Some of these modules are used for spamming and pilfering credentials from different web browsers and email accounts.

Top Vulnerabilities Reported in the Last 24 Hours


Microsoft patches 128 flaws
Microsoft has patched 128 flaws affecting its Windows systems. Two of these are zero-day flaws, with one of them being exploited in the wild. Some of the affected products are Windows OS, Microsoft Office, Dynamics, Edge, Hyper-V, File Server, Skype for Business, and Windows SMB.

Adobe fixes over 70 flaws
Adobe has released patches for 78 security vulnerabilities that could be exploited to cause major damage. The flaws are found in Adobe Acrobat and Reader, Adobe Photoshop, Adobe After Effects, and Adobe Commerce. Successful exploitation of the flaws can lead to arbitrary code execution, memory leak, and privilege escalation.

SAP fixes Spring4Shell flaw
SAP has announced more than 30 new updates for security vulnerabilities affecting its products. Three of these are related to the Spring4Shell flaw. Some of the new high priority updates address a potential information leakage bug in the Business Intelligence Platform, an information disclosure issue in Business Intelligence Update, a DoS flaw in Netweaver, and a privilege escalation vulnerability in the Apache Tomcat component of SAP Commerce.

ICS industries patch multiple flaws
Siemens and Schneider Electric have addressed over two dozen vulnerabilities as part of their April 2022 Security Patch Updates. While Schneider Electric has released two advisories for two different vulnerabilities, Siemens has published 11 advisories for vulnerabilities that can be exploited remotely and cause devices to crash, obtain sensitive information, and execute arbitrary code.

Top Scams Reported in the Last 24 Hours


USPS phishing scam
A scam that leverages US Postal Service messages is doing the rounds. The message informs about undelivered packages and asks the recipients to check the delivery status by clicking on a link. The link redirects the victims to malicious or spam content.

 Tags

gafgyt botnet
enemybot botnet
remcos rat campaign
lockbit ransomware group
emotet trojan
spring4shell flaw

Posted on: April 13, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.