cyware.com
3.33.180.61
Public Scan
URL:
https://cyware.com/daily-threat-briefing/cyware-daily-threat-intelligence-june-23-2022-a69c
Submission: On June 28 via api from GB — Scanned from GB
Form analysis
0 forms found in the DOM
Text Content
CYWARE DAILY THREAT INTELLIGENCE, JUNE 23, 2022

The Conti cybercrime group is on a hacking spree as researchers discover one of the shortest and most successful campaigns from 2021. Codenamed ARMattack, the campaign targeted more than 40 organizations in less than two months. Notably, the gang’s fastest attack was carried out in only three days. A new malware loader dubbed Nimbda has also caught the attention of researchers investigating an attack campaign associated with the Tropic Trooper APT group. In other news, several operational technology devices from 10 Industrial Control System (ICS) vendors are impacted by 56 flaws that are collectively called OT:Icefall. The flaws are yet to be patched by vendors. Meanwhile, Google has addressed 14 security vulnerabilities found in the Chrome 103 browser.

TOP BREACHES REPORTED IN THE LAST 24 HOURS

Automotive manufacturer affected
The U.S. subsidiary of Nichirin Co. was forced to halt some of its operations following a ransomware attack. According to the firm, the attack occurred on June 14 after attackers gained unauthorized access to its systems.

DDoS attacks observed
Cyber Spetsnaz has been held responsible for multiple DDoS attacks against Lithuanian government resources and critical infrastructure. The list of targets includes logistics companies, transport infrastructure, airports, and energy companies, among others.

Conti’s ARMattack campaign exposed
The Conti cybercrime group ran one of its most aggressive operations, hacking more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and revealed that it occurred between November 17 and December 20, 2021.
TOP MALWARE REPORTED IN THE LAST 24 HOURS

New Nimbda loader spotted
Check Point researchers have discovered a new malware loader, dubbed Nimbda, in a new campaign associated with the Tropic Trooper APT group. Written in the Nim language, the loader is a variant of the Yahoyah trojan and leverages a malicious version of the SMS Bomber tool for propagation. The attackers used the loader to deploy the TClient backdoor in the final stage of the campaign.

TOP VULNERABILITIES REPORTED IN THE LAST 24 HOURS

Flawed OpCon UNIX agent fixed
SMA Technologies has fixed a critical vulnerability in its OpCon UNIX agent that resulted in the same SSH key being deployed in every installation. Tracked as CVE-2022-2154, the issue impacted versions 21.2 and earlier of the OpCon UNIX agent.

Google patches Chrome 103
Google has announced the release of a stable version of Chrome 103 that includes patches for a total of 14 vulnerabilities. Some of these could lead to arbitrary code execution, corruption of data, or denial-of-service attacks. The most severe of these flaws is tracked as CVE-2022-2156 and is described as a use-after-free issue in Base.

Jacuzzi fixes critical flaws
Jacuzzi has fixed multiple security vulnerabilities in its SmartTub app, for Android and iOS, that could enable attackers to view and potentially manipulate the personal data of hot tub owners. According to researchers, the abuse of the vulnerabilities exposed the first names, last names, and email addresses of users.

MEGA patches critical flaws
MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. According to researchers, the flaws can be abused in a variety of ways, including a Plaintext Recovery attack, a Framing attack, an Integrity attack, and a Guess-and-Purge (GaP) Bleichenbacher attack.
Advisories for OT:Icefall released
Forescout researchers have discovered a set of 56 vulnerabilities affecting devices from 10 ICS vendors. Collectively called OT:Icefall, the flaws are related to insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware update mechanisms, and native functionality abuse. Affected vendors include Baker Hughes (Bently Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. Vendors are yet to release patches for the flaws.

TOP SCAMS REPORTED IN THE LAST 24 HOURS

Microsoft 365 users targeted
A phishing email campaign spoofed the MetaMask cryptocurrency wallet provider in an attempt to steal recovery phrases from Microsoft 365 users. The recovery phrases could later enable attackers to steal NFTs and cryptocurrency from compromised wallets. The phishing email used a Know Your Customer (KYC) verification request to lure recipients into sharing sensitive data.

TAGS: microsoft 365 customers, oticefall, armattack campaign, jacuzzi smarttub app, nimbda
Posted on: June 23, 2022