Cyware Daily Threat Intelligence, June 07, 2022

A ransomware gang has reportedly signed a pact with the Qakbot (QBot) team. Researchers say the gang will use QBot not to gain initial access but to spread laterally across the targeted network.

Researchers also warned of spam campaigns involving an early-stage malware named SVCReady. The malware is unusual in that it hides its shellcode in the document properties. Another update comes from Google, which addressed several high- to critical-severity security vulnerabilities affecting Android.


Top Breaches Reported in the Last 24 Hours


Personal data of U.S. students leaked
SafetyDetectives discovered a 5GB database exposing the personal information of over 30,000 students, the majority of them U.S. individuals. The unprotected database apparently belongs to account holders of Transact Campus, which works with higher education institutions in the U.S.

An Italian city targeted
A major cyberattack crippled the systems of the municipality of Palermo in Southern Italy. Both citizens and tourists were affected by the breach. Media outlets revealed that the government’s public video surveillance management, the municipal police operations center, and all of the municipality’s services were briefly disrupted.

Top Malware Reported in the Last 24 Hours


Black Basta teams up with QBot
The Black Basta ransomware group is now working with the operators of QBot, a banking trojan active since 2007, according to NCC Group. This will help the ransomware actors propagate laterally across compromised business networks and systems. The trojan has previously partnered with the likes of the MegaCortex, DoppelPaymer, ProLock, and Egregor ransomware groups.

New malware with big aspirations
A phishing campaign was observed deploying a new malware dubbed SVCReady. Its infection chain begins with Microsoft maldocs containing VBA macros being sent to targets via email. According to the report, the malware enters targeted systems in an unusual way: it uses shellcode hidden in the properties of MS docs. Researchers suspect that the threat group TA551 could be involved in this operation.

Top Vulnerabilities Reported in the Last 24 Hours


Android Security Bulletin is here
Google released details of the 40 Android flaws it addressed in the June 2022 security updates, with several rated as critical. The most severe of them, tracked as CVE-2022-20127, affects the System component and could lead to RCE attacks. Additionally, there were two more critical-severity vulnerabilities in the System component that hackers can abuse for privilege escalation.

Posted on: June 07, 2022
