Go to listing page

Cyware Daily Threat Intelligence, February 16, 2022

Cyware Daily Threat Intelligence, February 16, 2022

Share Blog Post

SquirrelWaffle, the newish malware loader in the threat landscape, is digging its claws into unpatched Microsoft Exchange servers for financial fraud. So, if your organization has not yet patched the ProxyLogon and ProxyShell flaws, this is something you have to deal with urgently. The tricky part of the campaign is that the attackers are using hijacked email threads and typo-squatted domains to add legitimacy to the email conversation.

The sneaky technique involving hijacked email threads was also a part of the latest attack campaign that distributed the Emotet trojan. The email included zip files, which when opened, caused the execution of Excel 4.0 macros. Meanwhile, the CISA has updated the ‘Known Exploited Vulnerabilities’ catalog by adding nine new flaws, one of them being a zero-day flaw affecting the Magento Open Source platform.

Top Breaches Reported in the Last 24 Hours

DDoS attacks on websites
A series of DDoS attacks knocked off several government and banking websites in Ukraine. This included the websites of the defense ministry, foreign and culture ministry, and the two largest state-owned banks - Privatbank and Sberbank. Meanwhile, the banks have managed to restore their operations and websites following the attacks.

ISOC exposes data
The Internet Society (ISOC) has inadvertently exposed the personal data of more than 80,000 members due to an unprotected Microsoft Azure cloud repository. The misconfigured repository contained millions of JSON files, including full names, email addresses, mailing addresses, and login details of members.

Top Malware Reported in the Last 24 Hours

SquirrelWaffle backdoor returns
SquirrelWaffle backdoor is targeting Microsoft Exchange servers vulnerable to ProxyLogon and ProxyShell vulnerabilities. While the malware initially targeted the servers to distribute Cobalt Strike beacons through hijacked email threads, researchers uncovered one email thread conversation that conducts financial fraud.

Emotet email attack campaign
A new phishing email attack campaign was found distributing the Emotet trojan. The campaign leveraged stolen email threads to bypass security systems. It included a zip file that resulted in the execution of Excel 4.0 macros.

Top Vulnerabilities Reported in the Last 24 Hours

High-risk vulnerability in Grafana
A high-impact web security vulnerability in Grafana can enable attackers to elevate their privileges to the administrator level. The cross-site request forgery vulnerability is tracked as CVE-2022-21703 and affects versions prior to 7.5.15 and 8.3.5.

Flawed Apache Cassandra fixed
A high-severity flaw in Apache Cassandra could be abused to gain remote code execution on affected installations. The flaw is tracked as CVE-2021-4451 and has a CVSS score of 8.4. The developers have fixed the vulnerability by upgrading to versions 3.0.26, 3.11.12, and 4.0.2.

CISA adds nine more flaws
The CISA has added a list of nine bugs to its Known Exploited Vulnerabilities catalog. Two of these are related to Chrome and Magento. The flaws are an improper input validation flaw in Adobe Commerce and a use-after-free vulnerability in Google Chrome.


emotet trojan
proxylogon vulnerability
proxyshell vulnerability
squirrelwaffle backdoor

Posted on: February 16, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.