{"id":80,"date":"2022-06-29T18:06:40","date_gmt":"2022-06-29T18:06:40","guid":{"rendered":"https:\/\/gcsecurity.us\/?p=80"},"modified":"2023-01-27T19:58:24","modified_gmt":"2023-01-27T19:58:24","slug":"security-bulletin-router-rats-chinese-apts-and-the-25-most-dangerous-software-flaws","status":"publish","type":"post","link":"https:\/\/gcsecurity.us\/?p=80","title":{"rendered":"Threat Intelligence Bulletin &#8211; Router RATs, Chinese APTs, and the 25 Most Dangerous Software Flaws"},"content":{"rendered":"\n<p>Phishing campaign using Azure Front Door in attacks<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.helpnetsecurity.com\/2022\/06\/27\/azure-front-door-phishing-attacks\/\">https:\/\/www.helpnetsecurity.com\/2022\/06\/27\/azure-front-door-phishing-attacks\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Outline of phishing campaign abusing QuickBooks cloud domain<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/remote-workforce\/cyberattackers-abuse-quickbooks-cloud-service-ouble-spear-campaign\">https:\/\/www.darkreading.com\/remote-workforce\/cyberattackers-abuse-quickbooks-cloud-service-ouble-spear-campaign<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Experts warn of emerging \u201cBlack Basta\u201d ransomware expanding to target a wide range of industries<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/06\/cybersecurity-experts-warn-of-emerging.html\">https:\/\/thehackernews.com\/2022\/06\/cybersecurity-experts-warn-of-emerging.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Ransomware intrusion attempt leveraged Mitel VoIP appliance as entry point to environment<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a 
href=\"https:\/\/thehackernews.com\/2022\/06\/hackers-exploit-mitel-voip-zero-day-bug.html\">https:\/\/thehackernews.com\/2022\/06\/hackers-exploit-mitel-voip-zero-day-bug.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Chinese APT using ransomware to obfuscate espionage, IP theft objectives<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/06\/state-backed-hackers-using-ransomware.html\">https:\/\/thehackernews.com\/2022\/06\/state-backed-hackers-using-ransomware.html<\/a><\/li><li><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-ransomware-attacks-cover-ip-theft\">https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-ransomware-attacks-cover-ip-theft<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Recently detected ZuoRAT malware campaign targets routers to enumerate network, collect data, and hijack internet traffic<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.helpnetsecurity.com\/2022\/06\/28\/zuorat-malware-routers\/\">https:\/\/www.helpnetsecurity.com\/2022\/06\/28\/zuorat-malware-routers\/<\/a><\/li><li><a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/06\/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware\/\">https:\/\/arstechnica.com\/information-technology\/2022\/06\/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>OpenSSL v3.0.4 found vulnerable on x64 systems with AVX-512 instruction set<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/06\/openssh-to-release-security-patch-for.html\">https:\/\/thehackernews.com\/2022\/06\/openssh-to-release-security-patch-for.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator 
has-alpha-channel-opacity\"\/>\n\n\n\n<p>Phishing campaign using chat-bot features to phish for sensitive information<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/facebook-business-pages-chatbot-data-harvesting-campaign\">https:\/\/www.darkreading.com\/attacks-breaches\/facebook-business-pages-chatbot-data-harvesting-campaign<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Top 25 \u201cmost dangerous\u201d software flaws according to Homeland Security, CISA, and MITRE<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html\">https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Linux memory corruption bug PwnKit allows unprivileged users to gain root privileges on<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-hackers-exploiting-pwnkit-linux-vulnerability\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-hackers-exploiting-pwnkit-linux-vulnerability\/<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Phishing campaign using Azure Front Door in attacks https:\/\/www.helpnetsecurity.com\/2022\/06\/27\/azure-front-door-phishing-attacks\/ Outline of phishing campaign abusing QuickBooks cloud domain https:\/\/www.darkreading.com\/remote-workforce\/cyberattackers-abuse-quickbooks-cloud-service-ouble-spear-campaign Experts warn of emerging \u201cBlack Basta\u201d ransomware expanding to target a wide range of industries https:\/\/thehackernews.com\/2022\/06\/cybersecurity-experts-warn-of-emerging.html Ransomware intrusion attempt leveraged Mitel VoIP appliance as entry point to environment https:\/\/thehackernews.com\/2022\/06\/hackers-exploit-mitel-voip-zero-day-bug.html Chinese APT 
using ransomware to obfuscate espionage, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15,14],"class_list":["post-80","post","type-post","status-publish","format-standard","hentry","category-news","tag-cybersecurity","tag-news"],"_links":{"self":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=80"}],"version-history":[{"count":3,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/80\/revisions"}],"predecessor-version":[{"id":112,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/80\/revisions\/112"}],"wp:attachment":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}