Security News, July 2023

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. "Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps," the social media giant said.

Chinese video surveillance equipment maker Hikvision was reportedly paid $6 million by Beijing last year to provide technology that could identify members of the nation's Uyghur people, a Muslim ethnic minority, according to physical security monitoring organization IPVM. The payment was documented in a contract between Hikvision and the Chinese government obtained by IPVM. "While the People's Republic of China has sharply restricted access to sensitive documents such as this one, this shows that persecution of Uyghur ethnic minorities is ongoing and that Hikvision, in what the authorities called its 'standard configuration,' can and does supply this human rights-abusing software," IPVM's researchers reported last week. Hikvision earned itself a spot on the US blacklist in 2019 for allegedly being complicit in Beijing's suppression of the Uyghur population.

Researchers have just published a paper showing how to automate the discovery of prompt injection attacks: rather than being handcrafted, the injection prompts are generated automatically.

The most widely used method for ransomware delivery in 2022 was via URL or web browsing, Palo Alto Networks researchers have found. Third-party apps were the primary entry vector for ransomware infections in 8.2% of cases recorded by the company in 2022.

The Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. In late May, Barracuda warned that attackers had been exploiting the vulnerability in its physical ESG appliances.

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victims' bandwidth for what appears to be an illegal proxy service made available to other actors.

Microsoft fixed a known issue affecting WSUS servers upgraded to Windows Server 2022 that caused them not to push Windows 11 22H2 updates to enterprise endpoints. The issue only affects WSUS servers running Windows Server 2022, specifically those upgraded in place from Windows Server 2016 or Windows Server 2019.

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity, with the goal of installing remote access trojans such as Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity vendor Doctor Web said in an analysis. "Such installers are used as a decoy and contain not only the software potential victims are interested in, but also the trojan itself with all its components."

If one good shot can blow an organization open, where is the money going? More pertinently, why don't more people care? If that is politically acceptable in climate policy while large parts of the world are literally burning during the hottest month on record, where will the political will come from to fix the much more abstruse problems with cybersecurity?

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week.