Cyware Daily Threat Intelligence, April 21, 2022

BlackCat ransomware operators are rapidly expanding their reach against organizations worldwide. Of particular concern, the FBI has issued a new advisory revealing that the ransomware breached more than 60 organizations in just five months. Once thought to be defunct, the REvil gang appears to be back in business, with a new leak site being promoted on the RuTOR dark web market. There is also an update on the Hive ransomware, whose affiliates are actively exploiting the ProxyShell vulnerability to infect email servers.

Moving on to security patch updates, Oracle has released fixes for a whopping 520 vulnerabilities found across its products. These include Oracle Business Intelligence Enterprise Edition, Oracle Business Process Management Suite, Oracle Coherence, and Oracle HTTP Server, among others. Cisco also addressed multiple vulnerabilities in its products, one of which was reported by the NSA.

Top Breaches Reported in the Last 24 Hours

Attackers hit Sunwing Airlines
An attack on a third-party system has disrupted the operations of a Canadian airline company, Sunwing Airlines Inc. The firm disclosed that the third-party system used for check-ins and boarding was breached, leaving thousands of passengers stranded at the airport.

Top Malware Reported in the Last 24 Hours

Update on BlackCat ransomware
The FBI has shared an advisory to warn organizations about the escalating attacks by BlackCat ransomware. The note reveals that the ransomware has targeted at least 60 organizations worldwide between November 2021 and March 2022. Additionally, the operators announced nine new victims as of April 21.

REvil makes a comeback
Researchers have spotted REvil ransomware’s servers back online on the Tor network after several months of inactivity. A new leak site associated with the ransomware is being promoted on the RuTOR dark web marketplace. The site includes a list of organizations targeted by the ransomware, two of which are new.

New Hive activities spotted
A Hive ransomware affiliate has been found exploiting the ProxyShell vulnerability in Microsoft Exchange servers to deploy various backdoors, including the Cobalt Strike Beacon. Once the threat actors perform reconnaissance, they steal admin account credentials, exfiltrate valuable data, and deploy the ransomware in the final stage.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle issues 520 patches
Oracle has released its April Critical Patch Update, including fixes for 520 security flaws. Of these, the highest number of flaws (149) were found in Oracle Communications products. The Oracle Financial Services applications received 41 patches and Oracle Fusion Middleware got 54 patches. Other affected products are Oracle Business Intelligence Enterprise Edition, Oracle Business Process Management Suite, Oracle Coherence, and Oracle HTTP Server.

Cisco patches several flaws
Cisco has announced the release of patches for several high-severity vulnerabilities found in its products. One of these vulnerabilities, reported by the NSA, is a Denial of Service (DoS) issue affecting the TelePresence Collaboration Endpoint (CE) and RoomOS software. It is tracked as CVE-2022-20783 and can be exploited remotely without authentication.

Drupal fixes flaws
Drupal developers have addressed multiple security flaws in the CMS that could lead to access bypass and data overwrite. The flaws have been fixed in Drupal 9.3.12 and Drupal 9.2.18.

New Threat in Spotlight

FBI update on attacks on the agriculture sector
The FBI has issued an advisory about the potential impact of ransomware attacks on organizations in the Food and Agriculture (FA) sector in the U.S. Two such attacks disrupting the supply of seeds and fertilizers were reported in early 2022.

Posted on: April 21, 2022