Cyware Daily Threat Intelligence, April 29, 2022

The lesser-known Stonefly APT has partnered with the Lazarus group to stir the infamous ‘Operation Dream Job’ campaign. Researchers claim that the North Korea-based hacking group is exploiting the Log4Shell vulnerability to mount espionage attacks against highly specialized engineering companies and steal their sensitive intellectual property. Meanwhile, a new malware dubbed BrownFlood has surfaced targeting at least 36 Ukrainian websites in an ongoing DDoS attack spree.

In other news, Cisco and QNAP have urged organizations to apply security patches for critical vulnerabilities affecting their products.

Top Breaches Reported in the Last 24 Hours

Deus Finance confirms hack
Decentralized finance platform Deus Finance confirmed reports of a hack that allowed the attackers to steal more than $13 million from the platform. A variant of a flash loan attack was used to pilfer funds from users’ wallets.

Ongoing DDoS attacks
CERT-UA has published a warning of ongoing DDoS attacks against pro-Ukraine sites and government web portals. Threat actors are compromising WordPress sites and injecting malicious JavaScript code, named BrownFlood, to perform the attacks. At least 36 websites have, so far, been targeted in the attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches 11 flaws
Cisco announced the release of security patches for 11 high-severity vulnerabilities affecting its Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). The most severe of these is tracked as CVE-2022-20746 and can be exploited by sending a crafted stream of TCP traffic through an affected device. 

Microsoft patches a flaw in Azure PostgreSQL
Microsoft has patched a security weakness in Azure PostgreSQL which could have been exploited to execute malicious code. Described as a cross-account database vulnerability, the flaw can be exploited to gain read access to PostgreSQL databases without authorization. Microsoft has confirmed that there is no evidence of exploitation of the flaw in the wild.

Vulnerabilities affecting Netatalk
Users of Synology and QNAP NAS devices were advised by the vendors to patch several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol (AFP). The flaws in question are CVE-2022-0194, CVE-2022-23122, CVE-2022-23125, CVE-2022-23123, CVE-2022-23124, CVE-2022-23121, and CVE-2021-31439. They have been patched in Netatalk v3.1.1.

Top Scams Reported in the Last 24 Hours

Phishers hijack Facebook user profiles
Researchers uncovered multiple Facebook pages claiming to be account recovery service pages. The hijacked pages belonged to musicians, products, and businesses. Once the phishers took over a page, they changed its name, profile picture, and other identifying details to make it look like a support page.


Posted on: April 29, 2022
