---
title: "Cyber Security News Update, Week 5 of 2022 | DuoCircle"
description: "This week’s cyber headlines consist of some very significant developments, updates, and patches."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2022/"
---

Quick Answer

Week 5 of 2022 covered six items. Kaspersky reported that industrial control systems are targeted because operators delay patching to avoid downtime and because IT-OT segmentation is often weaker than assumed, with attackers using stolen RDP credentials and phishing as common entry points. A high-severity vulnerability in the WordPress WP HTML Mail plugin allowed unauthenticated attackers to modify email templates and inject content into outgoing site emails. Singaporean users were warned of scams that manipulated Google Search results to push fake support numbers tied to call-center fraud. McAfee patched a high-severity local privilege escalation flaw in its Agent component used by enterprise endpoint protection deployments. Researchers documented several previously patched vulnerabilities that returned through incomplete fixes, emphasizing the need to verify mitigations rather than assume them. The Chinese-linked Earth Lusca group was observed targeting government, media, and academic organizations across multiple regions with custom malware including Doraemon and Cobalt Strike loaders.


![Cyber Security](https://media.mailhop.org/duocircle/images/2022/02/smtp-providers-5921.jpg) 

This week’s cyber headlines consist of some very significant developments, updates, and patches. Read on for the top [cybersecurity headlines](/announcements) from the past week.

## Kaspersky Reports Why Cyberattackers Target ICS Networks

Much has been said about the vulnerability of businesses’ IT and OT networks, but the latest Kaspersky ICS CERT report reveals that in recent years, adversaries have increased their [attacks on Industrial Control System](https://cyware.com/news/attackers-exploit-corporate-infrastructure-for-credentials-on-ics-networks-e611cb68) (ICS) networks. _The attackers primarily aim to steal sensitive corporate data from these networks_, which can then be used for financial and other frauds. In a typical attack, adversaries send [spear-phishing emails](/content/spear-phishing-protection/spear-phishing-examples) to the contacts of an already compromised mail address. They rely on spyware such as HawkEye, Azorult, Agent Tesla, and Snake Keylogger to infect victim devices, steal data, and spread the malware further within the network.

Kaspersky notes that most of these _attacks are conducted by small groups with fewer skills_, and they engage primarily in financial fraud. However, there are exceptions among these bad actors who look for more significant stakes and credentials that can give them access to corporate networks. _The elaborate Kaspersky project highlights that **over 2000 corporate email** accounts of ICS networks have been compromised so far_. It suggests that there are **over 25 dark marketplaces** selling the credentials stolen from these attacks. Since industrial networks are now a hit in the attackers’ community, Kaspersky advises ICS networks to use **cybersecurity tools** and measures like [MFA](/phishing-protection/how-the-latest-scam-shows-two-factor-authentication-doesnt-prevent-phishing/) (Multi-factor Authentication).

[![phishing emails](https://media.mailhop.org/duocircle/images/2022/02/windows-smtp-service-7592.jpg)](https://media.mailhop.org/duocircle/images/2022/02/windows-smtp-service-7592.jpg)

## High Severity Vulnerability Detected in WordPress WP HTML Mail Plugin

_Cybersecurity experts at Wordfence have discovered a high-severity flaw in the WordPress WP HTML Mail plugin_, which is installed on **over 20,000 sites**. If exploited, it could let an adversary conduct code injection and distribute [phishing emails](/phishing-protection/how-to-stop-phishing-emails-and-protect-your-organization-from-cyber-criminals/). [WP HTML Mail](https://www.bleepingcomputer.com/news/security/wordpress-plugin-flaw-puts-users-of-20-000-sites-at-phishing-risk/) is used to design contact form notifications, custom emails, and generally tailored messages that online websites regularly send to their customers and audience. It is preferred because of its compatibility with online website tools such as Ninja Forms, WooCommerce, BuddyPress, etc. Despite having a limited number of site users, the **vulnerability in the plugin** still poses a threat because the cumulative audience of all these sites runs into the hundreds of thousands.

Wordfence reports that unauthenticated adversaries could easily **exploit this vulnerability** dubbed CVE-2022-0218 and corrupt an email template with arbitrary data of their choice. In addition, the flaw also enables attackers to [send phishing emails](/phishing-protection/how-to-prevent-phishing-and-spoofing/) to anyone registered on any of the compromised sites.

_Cybersecurity researchers from Wordfence notified the plugin developers of this vulnerability on 23rd December 2021_, and a **[security update](/announcements)** for the same was released in Version 3.1 of the plugin on 13th January 2022. Therefore, to ensure [email security](/), _all WordPress site admins and owners must update to the latest version of the WP HTML Mail plugin at the earliest_.

## Singaporeans Beware of New Scam Messing With Google Search Results

_The Singapore Police Force (SPF) has recently released an advisory warning people of fake bank hotline numbers that pop up in Google searches_. The scam has cost people **over $367,775** since December last year. Therefore, the SPF wants people to steer clear of this new attack vector [targeting Google’s search](https://www.zdnet.com/article/singapore-police-warns-of-ad-scams-targeting-google-search-users/) platform users.

In a typical scam, **phishing ads** with fraudulent bank contact details pop up on Google searches when users are searching for bank contact numbers. _Any unsuspecting user who calls these numbers reaches someone impersonating a bank employee_ who is, in reality, a member of the hacker group and who convinces the victim that there is an issue with their account. Naturally, people panic after hearing this and do whatever the [impersonated](/email-security/reducing-the-risk-of-email-impersonation-attacks-6-email-security-measures-you-need-to-consider/) bank employee deems best. The victims are then asked to transfer all funds to another bank account (which the adversaries claim the bank owns) until the issue is resolved. To increase the authenticity of the scam, adversaries even sent SMS alerts to the victims with spoofed sender IDs of the bank.

There is no way to know that victims have been trapped other than contacting the bank through one of its legitimate hotline numbers or until one receives a call from the bank asking for the reason behind transferring such huge amounts of money. The advisory indicates that **over 470 customers** of the OCBC Bank have lost **over SGD 8.5 million** to this scam. The Monetary Authority of Singapore (MAS) has introduced some [cybersecurity measures](/email-security/why-it-is-crucial-for-smes-to-have-a-robust-cybersecurity-posture/) keeping in mind this new attack scheme.

## McAfee Fixes High Severity Flaw

_McAfee (now a part of Trellix) has recently fixed a high-severity vulnerability_, CVE-2022-0166 in its [McAfee Agent software](https://securityaffairs.co/wordpress/127044/security/mcafee-agent-code-execution-flaw.html) for Windows. _The vulnerability could enable an adversary to escalate privileges and run arbitrary code with SYSTEM privileges_. The McAfee Agent software is a part of the McAfee ePolicy Orchestrator (McAfee ePO) which is in charge of downloading and enforcing policies. It also executes client-side tasks like deployment and updating in addition to other roles.

The current flaw was first discovered by Will Dormann (CERT/CC vulnerability analyst). In its advisory, McAfee writes that the vulnerability exists in Agent versions before 5.7.5 and uses a malicious file “openssl.cnf to specify the OPENSSLDIR variable as a subdirectory within the installation directory.” McAfee’s proactive **cybersecurity measures** ensured that the vulnerability was patched in the McAfee Agent version 5.7.5, released on 18th January 2022.

[![Secure Mobile Access](https://media.mailhop.org/duocircle/images/2022/02/buy-smtp-5924.jpg)](https://media.mailhop.org/duocircle/images/2022/02/buy-smtp-5924.jpg)

## Are Fixed Vulnerabilities Really Fixed?

One would think that patched flaws are history, but in this incident, a critical severity [vulnerability in SonicWall’s Secure Mobile Access](https://www.bleepingcomputer.com/news/security/attackers-now-actively-targeting-critical-sonicwall-rce-bug/) (SMA) gateways (which was patched previously) is being exploited in ongoing cyberattacks. The vulnerability (dubbed CVE-2021-20038) was first discovered by Jacob Baines (Rapid7 Lead Cybersecurity Researcher). It is a stack-based buffer overflow **affecting SMA 100 series** appliances (SMA 200, 210, 400, 410, and 500v) despite the presence of an active **web application firewall** (WAF). Exploiting this bug enables threat actors to execute remote code in compromised SonicWall appliances.

After releasing the patch last December, _SonicWall urged all customers to implement it to avoid any cybersecurity risks_. It had further mentioned that there was no evidence to prove the bug’s exploitation, but now there are reports from an NCC Group security consultant, Richard Warren, suggesting that the vulnerability is indeed being exploited in the wild. In its defense, SonicWall says it is actively monitoring the flaw and has not observed any successful exploitation of the CVE-2021-20038 flaw targeting SMA 100 appliances.

## Beware of Chinese Threat Actor Earth Lusca

_A Chinese hacker group called ‘Earth Lusca’ was recently discovered to have been conducting financially motivated attacks_ and **spying on strategic targets** for several years now. The Earth Lusca APT has been [targeting organizations](https://cyware.com/news/china-based-earth-lusca-group-targeting-multiple-industries-0b71e6ff) of interest to the Chinese government, intending to collect intelligence. Its prime targets include educational, government, telecom, media, religious, and COVID-19 research institutions in countries like Thailand, UAE, Nigeria, Taiwan, Vietnam, Philippines, Mongolia, etc. The group’s financially motivated attacks mainly targeted Chinese gambling entities and various cryptocurrency platforms.

Interestingly, Earth Lusca’s attack vectors are remarkably similar to those of another threat group called APT41. In a typical attack, the adversaries use a version of **Cobalt Strike** as an initial attack vector and then deploy other [malware](/email-security/your-business-runs-on-email-dont-let-it-fall-to-malware/) like Behinder, Doraemon, FunnySwitch, AntSword, Winnti, and ShadowPad. Threat actors like Earth Lusca target victims across all industries, and therefore, it is best to adopt [ransomware protection](/email-security/5-ways-you-protect-your-business-from-ransomware/) measures in advance. _Experts advise using provided IOCs and focusing on shared threat intelligence for better threat detection_.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

