
Cyware Daily Threat Intelligence, July 22, 2022


Multiple high-severity vulnerabilities found in Atlassian products are posing a major risk to its customers and partners. The bugs are being abused in the wild; meanwhile, the firm has provided methods for companies to identify flaws in their systems. In other news, a hacker group known as TA4563 has been observed using EvilNum malware in its attacks to target foreign exchanges, cryptocurrency, and DeFi firms in Europe.

Additionally, some of the top art organizations in Western Australia appear to have had client data compromised. The breach, which appears minor, may have exposed some personal data of the clients.

Top Breaches Reported in the Last 24 Hours


Ukrainian radio operator attacked
TAVR Media, which oversees nine major radio stations in Ukraine, fell victim to a cyberattack. Attackers leveraged the opportunity to broadcast a fake message that President Volodymyr Zelenskyy was in a critical health condition and that his duties were being performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk.

Art organizations suffer breaches
Some of the largest arts organizations in Western Australia, including the Black Swan State Theater Company, Perth Festival, the WA Ballet, and the WA Opera, have suffered a major breach. The incident exposed the personal information of their clients. A clarification from officials said no sensitive personal information, such as credit card numbers or government identification numbers, was exposed.

Top Malware Reported in the Last 24 Hours


Europe’s financial sector
Threat group TA4563 continues to target European financial and investment entities, including the DeFi market. In its latest attack campaign, Proofpoint found the use of the EvilNum backdoor, which allows an unauthorized third party to access data, make way for additional payloads, and implement components to evade detection.

Top Vulnerabilities Reported in the Last 24 Hours


Chrome zero-day flaw exploited
Hackers are deploying the DevilsTongue spyware, the brainchild of Israeli surveillance firm Candiru, in Lebanon and other regions to target journalists. They exploited the recently fixed Chrome zero-day (CVE-2022-2294), a heap buffer overflow in the Web Real-Time Communications (WebRTC) component. Earlier this month, it was used to target journalists in the Middle East.

Atlassian highlights new critical bugs
Atlassian has warned customers and partners against new critical vulnerabilities being exploited in the wild. The three vulnerabilities in question affect Confluence Server and Confluence Data Center, as well as several other products such as Bitbucket, Bamboo, Fisheye, and Jira. The bugs are tracked as CVE-2022-26136, CVE-2022-26137, and CVE-2022-26138.

Top Scams Reported in the Last 24 Hours


Hackers impersonate Norton in invoices
Scammers were found spoofing the Norton brand in a new campaign that uses PayPal to send out fake invoices. The contact detail provided in the invoice is that of the scammers. An Avanan researcher has dubbed such campaigns ‘double spear’, wherein the scammers not only obtain money but also harvest user information that can be used in future attacks.


Posted on: July 22, 2022

