IT Security Newsletter - 6/20/2022

Top News

DOJ, international law enforcement disrupt massive RSOCKS botnet

An international operation involving the U.S. Department of Justice alongside law enforcement officials in Germany, the Netherlands and the United Kingdom took down a Russian botnet made up of millions of hacked internet-connected devices, the DOJ said in a statement Thursday. Federal prosecutors in the Southern District of California said operators of a botnet known as "RSOCKS" leased access to tens of thousands of compromised internet-connected devices at a time. READ MORE...

Breaches

Breach at Eye Care Software Vendor Hits Millions of Patients

The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions. The Durham, North Carolina-based company, which sells eye care management software solutions, claims to work with more than 9,000 ophthalmologists and optometrists. At least 23 of these eye care providers have been impacted by a data breach that Eye Care Leaders disclosed in December 2021. READ MORE...


Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts

HR consulting firm Robert Half has started informing customers that their personal and financial information might have been compromised after hackers targeted their RobertHalf[.]com accounts. Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between April 26 and May 16. The incident, discovered on May 31, impacts 1,058 individuals. READ MORE...

Hacking

ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site

Cybercriminals who are using the ALPHV ransomware created a dedicated leak website in an apparent attempt to pressure one of their victims into paying the ransom. First observed in November 2021 and also known as BlackCat and Noberus, ALPHV is the first ransomware family to have been developed using the Rust programming language. ALPHV, which is believed to have ties with the cybercrime group behind the Darkside/Blackmatter ransomware, has compromised at least 100 organizations to date. READ MORE...

Software Updates

WordPress Plug-in Ninja Forms Issues Update for Critical Bug

A new security update to the Ninja Forms WordPress plug-in - which has more than 1 million active installations - patches a code injection vulnerability researchers say is being actively exploited in the wild. The Wordfence team analyzed a recent Ninja Forms update and discovered the patch was for a critical code injection bug that could allow several exploits, including remote code execution (RCE) through deserialization of the content provided by users of the WordPress site form builder. READ MORE...

Malware

Android-wiping BRATA malware is evolving into a persistent threat

The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. "The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," explains Cleafy in a report this week. READ MORE...


QNAP NAS devices hit by DeadBolt and ech0raix ransomware

Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. There also appears to be a new ech0raix/QNAPCrypt campaign in progress, according to various sources, though QNAP is yet to comment on that. NAS devices are mostly used by consumers and small-to-medium businesses to store, manage and share files and backups. READ MORE...

Exploits/Vulnerabilities

Cisco says it won't fix zero-day RCE in end-of-life VPN routers

Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices. READ MORE...

On This Date

  • ...in 1782, Congress adopts the Great Seal of the United States.
  • ...in 1863, West Virginia becomes the 35th state.
  • ...in 1963, the United States and the Soviet Union agree to establish a "hot line" in light of the Cuban Missile Crisis.
  • ...in 1975, Steven Spielberg's adaptation of "Jaws" is released, which goes on to become the first modern "blockbuster" film.