Go to listing page

Cyware Daily Threat Intelligence, May 23, 2022

Cyware Daily Threat Intelligence, May 23, 2022

Share Blog Post

Today’s highlight has to be Trend Micro’s Zero Day Initiative, which brings you information on 25 zero-days. Patches for many of these have been issued in the interest of users. Along with it, making the headlines is the Snake Keylogger malware exploiting a 22-year-old MS bug and a PDF-based delivery technique, reflecting poorly on the existing patch infrastructure.

Meanwhile, the third-largest school district in the U.S. reported a major system leak. Also, watch out for Elon Musk’s deep fakes luring you to invest your crypto assets on a fraudulent trading platform.

Top Breaches Reported in the Last 24 Hours

Chicago Public Schools’ network compromised
The Chicago Public Schools disclosed that it suffered a massive data breach owing to a ransomware intrusion at its Ohio-based third-party vendor, Battelle for Kids. The incident has reportedly laid bare the personal records of 495,448 students and 56,138 employees stored in its school system.

Top Malware Reported in the Last 24 Hours

22-year-old RCE bug exploited
HP Wolf Security uncovered a malicious campaign that leverages a malicious PDF file and a 22-year-old Office bug to drop the Snake Keylogger malware. First appearing in late 2020, the malware can pilfer sensitive data from a device, such as credentials, keystrokes, screenshots, and clipboard data.

Malware disguised as an exploit
Researchers at Cyble unearthed a malware campaign aimed at the infosec community. In this campaign, a researcher (essentially an imposter) shared a bogus POC exploit code for an RPC Runtime Library Remote Code Execution flaw. The aim, however, was to execute a PowerShell command to deliver a Cobalt Strike Beacon. The disguised malware was available on GitHub.

PyKafka or pymafka?
Sonatype warns developers against malicious packages in the PyPI registry that were rooted by cybercriminals to perform supply chain attacks by deploying Cobalt Strike beacons and backdoors on Windows, macOS, and Linux systems. Those who downloaded it face the risk of allowing initial access to the internal network to an unauthorized party.

Top Vulnerabilities Reported in the Last 24 Hours

Pwn2Own event discovered 25 zero-days
Trend Micro’s Zero Day Initiative has rewarded researchers and security analysts with $1.15 million in total for exposing 25 unique zero-day system flaws that were used to target Tesla Model 3, Ubuntu, Microsoft Teams, Windows 11, Safari, Firefox, and Oracle VirtualBox. Participants demonstrated six Windows 11 privilege escalation exploits, in what was the year’s second Pwn2Own event. Mozilla also released a new Firefox version in response to the findings.

Cisco routers under attack
Cisco became aware of a new vulnerability affecting its IOS XR software in Cisco 8000 series routers. Tracked as CVE-2022-20821, the bug can allow a remote, unauthenticated attacker to access a Redis instance running within a container named NOSi. The firm has informed its customers of the flaw being abused in the wild by adversaries.

Top Scams Reported in the Last 24 Hours

Up to 30% return on crypto deposits
A new deep fake scam motivated to steal cryptocurrency from users’ wallets is doing the rounds. It involves the use of deep fake videos of Elon Musk and other cryptocurrency-related personalities to promote a fraudulent BitVex trading platform. The scam claims that the platform is owned by Elon Musk and was created to allow everyone to earn up to 30% returns on their crypto deposits. Additionally, scammers either hacked existing accounts or created dozens of new YouTube channels to promote their agenda.


snake keylogger
windows 11
chicago public schools
zero day initiative
fake poc exploit
deep fake
mozilla firefox
elon musk

Posted on: May 23, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite