
IT Security Newsletter - 6/17/2022



China-linked APT Flew Under Radar for Decade

Researchers have identified a small yet potent China-linked APT that has flown under the radar for nearly a decade running campaigns against government, education and telecommunication organizations in Southeast Asia and Australia. Researchers from SentinelLabs said the APT, which they dubbed Aoqin Dragon, has been operating since at least 2013. The APT is "a small Chinese-speaking team with potential association to [an APT called] UNC94," they reported. READ MORE...

Software Updates

NinjaForms WordPress plugin, actively exploited in wild, receives forced security update

A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploiting it in the wild. WordPress has pushed out a forced automatic update to the widely-used Ninja Forms plugin after security researchers. According to an analysis by experts at WordFence, the vulnerability "could allow attackers to execute arbitrary code or delete arbitrary files on sites." READ MORE...


QNAP 'thoroughly investigating' new DeadBolt ransomware attacks

Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they're not exposed to remote access over the Internet. "QNAP recently detected a new DeadBolt ransomware campaign. According to victim reports so far, the campaign appears to target QNAP NAS devices running QTS 4.x," QNAP said today. READ MORE...

New MaliBot Android banking malware spreads as a crypto miner

Cybersecurity researchers have discovered a new Android banking malware named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. MaliBot focuses on stealing financial information such as e-banking service credentials, crypto wallet passwords, and personal details, while it's also capable of snatching two-factor authentication codes from notifications. READ MORE...

Costa Rica Chaos a Warning That Ransomware Threat Remains

Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country's president declaring war against foreign hackers saying they want to overthrow the government. For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in the Central American nation. READ MORE...

How Emotet is changing tactics in response to Microsoft's tightening of Office macro security

One of the key findings from the ESET Threat Report T1 2022 is that the Emotet botnet has risen, Phoenix-like, from the ashes, pumping out vast amounts of spam in March and April 2022, to the point that its detections grew more than a hundredfold in the first four months of 2022 compared to the last four months of 2021. Much of this activity involved Word documents tainted with malicious macros. READ MORE...


Sophos Firewall zero-day bug exploited weeks before fix

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. READ MORE...

On This Date

  • ...in 1885, the Statue of Liberty arrives in New York Harbor.
  • ...in 1898, Dutch artist M.C. Escher, known for his mathematically-inspired illustrations of "impossible" objects and architecture, is born in Leeuwarden, Netherlands.
  • ...in 1901, the College Board introduces its first standardized test, the forerunner to the SAT.
  • ...in 1948, former Cincinnati Reds shortstop (and key member of the Big Red Machine) Dave Concepcion is born in Ocumare de la Costa, Venezuela.