By Habiba Rashid
According to Microsoft, the Royal ransomware is now being spread by a threat actor known as DEV-0569.
This is a post from HackRead.com Read the original post: Royal Ransomware: New Threat Uses Google Ads and Cracked Software

On November 17th, Microsoft Security Threat Intelligence tracked activity from a threat actor known as DEV-0569 regarding the development of new tools to deliver the Royal ransomware. 

Although Microsoft still uses a temporary ‘DEV-####’ designation for it, meaning that they are unsure about its origin or identity, the group is believed to consist of ex-Conti members. 

“Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation,” the Microsoft Security Threat Intelligence team said in an analysis.

Traced back to August 2022, the group typically relies on malvertising, phishing link vectors, fake forum pages, and blog comments. They also direct users to a malware downloader called BATLOADER, posing as various legitimate software installers such as TeamViewer, Adobe Flash Player, and Zoom or updates embedded in spam emails. 

BATLOADER posing as a TeamViewer installer

When BATLOADER is launched, it uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that are decrypted and launched with PowerShell commands.

BATLOADER also appears to share overlaps with another malware called Zloader. A recent analysis of the strain by eSentire and VMware called out its stealth and persistence, in addition to its use of search engine optimization (SEO) poisoning to lure users to download the malware from compromised websites or attacker-created domains. 

In their blog post, Microsoft security researchers mentioned some of the recently observed changes in the group’s delivery method. This includes the use of contact forms on targeted organizations’ websites to deliver phishing links, hosting fake installer files on seemingly legitimate software download sites, and expansion of their malvertising technique through Google Ads. 

1.  Gootloader exploits websites via SEO to spread ransomware
2.  Google Fails To Remove “App Developer” Behind Malware Scam
3.  Malicious Office documents make up 43% of all malware downloads
4.  Google Drive accounted for 50% of malicious Office docs downloads
5.  Research sector targeted in spear phishing attack using Google Drive

In one particular campaign, DEV-0569 sent a message to targets using the contact form on these targets’ websites, posing as a national financial authority. When a contracted target responds via email, the threat actor replies with a message containing a link to BATLOADER, hence successfully luring the target into its trap. 

Also utilized is a tool known as NSudo to launch programs with elevated privileges and impair defenses by adding registry values that are designed to disable antivirus solutions.

Their expansion strategy by employing Google Ads to spread BATLOADER, however, seems to have made the biggest difference in the diversification of the DEV-0569’s distribution vectors. This enabled it to reach more targets and deliver malware payloads. 

“Since DEV-0569’s phishing scheme abuses legitimate services, organizations can also leverage mail flow rules to capture suspicious keywords or review broad exceptions, such as those related to IP ranges and domain-level allow lists,” Microsoft said.

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Royal Ransomware: New Threat Uses Google Ads and Cracked Software

By Deeba Ahmed
The attackers gain access to the network through decoy documents covering controversial geo-political topics to lure the targeted organizations into downloading and executing the malware. 
This is a post from HackRead.com Read the original post: Research sector targeted in new spear phishing attack using Google Drive

According to Trend Micro researchers, a Chinese government-sponsored advanced persistent threat (APT) group has launched spear-phishing attacks to target education, government, and research sectors worldwide.

The report is unsurprising as earlier this year, researchers linked Google Drive to 50% of malicious MS Office document downloads.

**Campaign Details**

The attackers are delivering custom malware stored in Google Drive. The attacks were discovered between March and October 2022. The primary targets of the group were located in Japan, Australia, Myanmar, Taiwan, and the Philippines. For your information, the espionage group has been active since July 2018.

**How does the Attack Works?**

The attackers gain access to the network through decoy documents covering controversial geo-political topics to lure the targeted organizations into downloading and executing the malware.

In some instances, the phishing messages were sent from email accounts that were previously compromised and belonged to specific entities to enhance the success ratio of this campaign. The archive files display a lure document to the victim.

However, in the background, it loads malware through DLL side-loading. Eventually, the attacker delivers three malware families to download the next-stage payloads. The main backdoor they use is TONESHELL, installed via the TONEINS shellcode loader.

The attackers bypass security mechanisms by embedding link points to a Dropbox or Google Drive folder. These links redirect to download compressed files such as ZIP, RAR, and JAR with custom malware strains like PubLoad and TONESHELL.

> “Once the group has infiltrated a targeted victim’s systems, the sensitive documents stolen can be abused as the entry vectors for the next wave of intrusions. This strategy largely broadens the affected scope in the region involved.”
> 
> Nick Dai, Vickie Su, Sunny Lu – Trend Micro

**Who is the Attacker?**

Researchers claim that the group responsible for the attacks has been identified as Mustang Panda, also known as TA416, Red Lich, Earth Preta, HoneyMyte, and Bronze President. Mustang Panda prefers using China Chopper and PlugX malware to collect data from compromised systems.

In its report, Trend Micro noted that Mustang Panda continually evolves its attack tactics to evade detection and use infection methods that allow them to deploy bespoke malware families such as PUBLOAD, TONEINS, and TONESHELL.

1.  Chinese Hackers Hiding Malware in Windows Logo
2.  APT Groups Trapping Targets with Clever Twitter Scheme
3.  Chinese Hackers Distributing Malware in SMS Bomber Tool
4.  Windows, Linux and macOS Users Targeted by Chinese hackers
5.  Microsoft disrupts activity of Chinese hackers by seizing 42 websites

Research sector targeted in new spear phishing attack using Google Drive

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms.

It was a truly wild week in the tech industry as new details emerged about the FTX cryptocurrency exchange's collapse and Elon Musk drove an ever-increasing number of Twitter employees out of the company. Cryptocurrency tracers have been scrambling to understand what happened to nearly half a billion dollars worth of cryptocurrency that was pulled out of FTX last weekend. It seems that some of it may have been seized by government authorities in the Bahamas, but the mystery is still unraveling. 

Meanwhile, the wheels have increasingly been coming off the bus at Twitter. Earlier this week, for example, some users weren't receiving vital two-factor authentication codes sent over SMS, and it's unclear whether the problem has been fully resolved. With its staffing shortages and so much upheaval, we took a look at what the impacts would be if Twitter suffered a massive data breach or another major security attack in this precarious moment.

New research indicates that telehealth sites too often put addiction patient data at risk, with tracking tech lurking on substance-abuse-focused websites. And we've got part four in the series “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the rise and fall of dark web marketplace AlphaBay. This installment tells how law enforcement agents in the Dutch National High-Tech Crime Unit took over and ran the dark web marketplace Hansa and follows US and Thai police as they were closing in on AlphaBay's kingpin, Alpha02, on the brink of attempting a dramatic arrest.

But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

A significant hack-and-leak operation in Moldova has released alleged Telegram correspondence of at least two politicians, leading to scandal and allegations of corruption. The site, called “Moldova Leaks,” has also threatened to release more data on government officials and politicians. The site published alleged messages from Moldova's minister of justice, Sergiu Litvinenco, and defense and national security adviser to the president Dorin Recean in the past two weeks. Some of the conversations imply that other Moldovan officials have won rigged elections or have been installed improperly in their positions, and the leaks particularly seem targeted at undermining anti-corruption officials. Moldova's pro-Russian political opposition has been quick to spread allegations based on the leaks that Litvinenco, Recean, and others must be removed from office. 

The Moldovan Justice Ministry said the leaked data is stolen, but it added that some of it has been manipulated. Litvinenco and other officials in Moldova's government have said that Russia is behind the operation. "The purpose of this fake is to divert the public's attention from the real problems faced by criminal groups in the Republic of Moldova and their connections with foreign services," Litvinenco wrote on Facebook. At the end of October, _The Washington Post_ reported on efforts by Russia's FSB security agency to undermine Moldova's pro-European government.

Google will pay a total of $391.5 million to 40 US states following an investigation related to the tech giant's user location tracking practices. The probe, a collaboration between state attorneys general, looked at whether Google had deceived users and obfuscated its location-tracking activities. “Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers,” Oregon attorney general Ellen Rosenblum told _The Washington Post_. "We settled an investigation with 40 US state attorneys general based on outdated product policies that we changed years ago,” Google wrote in a blog post about the agreement on Monday. “As well as a financial settlement, we will be making updates in the coming months to provide even greater controls and transparency over location data.”

Thousands of mobile apps in the Google Play and Apple App Store include code modules from a company called Pushwoosh that claims to be based in Washington, DC, but that Reuters reports is actually based in Russia. The Centers for Disease Control and Prevention incorporated Pushwoosh code into seven of its public apps and removed the service after learning of Reuters' findings. The CDC said that it had been misled about where Pushwoosh was headquartered. In March, the US Army also removed an app used by soldiers at a prominent US combat training base because it incorporated Pushwoosh code. In marketing materials and US regulatory filings, the company claims to be based in California, Maryland, or DC, but it actually pays taxes in Russia and is headquartered in Novosibirsk in Siberia. The company apparently had roughly 40 employees and reported revenue of 143,270,000 rubles (about $2.4 million) in 2021. Though it is unclear if Pushwoosh ever abused its position in apps distributed in the US or elsewhere, the Russian government has a track record of conducting “software supply chain” attacks for intelligence gathering as well as destructive attacks on its enemies.

Data and privacy regulators in Norway, France, and Germany have all warned that World Cup attendees should not download Qatar’s two World Cup apps or should do so on a wiped device if necessary. Officials warn that the apps are invasive, collecting significantly more data than they should and more than they claim to in their privacy policies. “One of the apps collects data on whether and with which number a telephone call is made,” Germany’s data protection commission said in an alert this week. “The other app actively prevents the device on which it is installed from going into sleep mode. It is also obvious that the data used by the apps not only remain locally on the device but are also transmitted to a central server.” World Cup events begin this weekend.

A Destabilizing Hack-and-Leak Operation Hits Moldova

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware.
Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569.
"Observed DEV-0569 attacks show a pattern of continuous innovation, with

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware.

Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name **DEV-0569**.

"Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation," the Microsoft Security Threat Intelligence team said in an analysis.

The threat actor is known to rely on malvertising to point unsuspecting victims to malware downloader links that pose as software installers for legitimate apps like Adobe Flash Player, AnyDesk, LogMeIn, Microsoft Teams, and Zoom.

The malware downloader, a strain referred to as BATLOADER, is a dropper that functions as a conduit to distribute next-stage payloads. It has been observed to share overlaps with another malware called ZLoader.

A recent analysis of BATLOADER by eSentire and VMware called out the malware's stealth and persistence, in addition to its use of search engine optimization (SEO) poisoning to lure users to download the malware from compromised websites or attacker-created domains.

Alternatively, phishing links are shared through spam emails, fake forum pages, blog comments, and even contact forms present on targeted organizations' websites.

"DEV-0569 has used varied infection chains using PowerShell and batch scripts that ultimately led to the download of malware payloads like information stealers or a legitimate remote management tool used for persistence on the network," the tech giant noted.

"The management tool can also be an access point for the staging and spread of ransomware."

Also utilized is a tool known as NSudo to launch programs with elevated privileges and impair defenses by adding registry values that are designed to disable antivirus solutions.

The use of Google Ads to deliver BATLOADER selectively marks a diversification of the DEV-0569's distribution vectors, enabling it to reach more targets and deliver malware payloads, the company pointed out.

It further positions the group to serve as an initial access broker for other ransomware operations, joining the likes of malware such as Emotet, IcedID, Qakbot.

"Since DEV-0569's phishing scheme abuses legitimate services, organizations can also leverage mail flow rules to capture suspicious keywords or review broad exceptions, such as those related to IP ranges and domain-level allow lists," Microsoft said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world.
The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro

A notorious advanced persistent threat actor known as **Mustang Panda** has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world.

The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro said in a Friday report.

Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018. The group is known for its use of malware, such as China Chopper and PlugX to collect data from compromised environments.

Activities of the group chronicled by ESET, Google, Proofpoint, Cisco Talos, and Secureworks this year have revealed the threat actor's pattern of using PlugX (and its variant called Hodur) to infect a wide range of entities in Asia, Europe, the Middle East, and the Americas.

The latest findings from Trend Micro show that Mustang Panda continues to evolve its tactics in a strategy to evade detection and adopt infection routines that lead to the deployment of bespoke malware families like TONEINS, TONESHELL, and PUBLOAD.

"Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as RAR/ZIP/JAR) and distributed through Google Drive links," researchers Nick Dai, Vickie Su, and Sunny Lu said.

Initial access is facilitated through decoy documents that cover controversial geopolitical themes to entice the targeted organizations into downloading and triggering the malware.

In some cases, the phishing messages were sent from previously compromised email accounts belonging to specific entities, indicating the efforts undertaken by the Mustang Panda actor to increase the likelihood of the success of its campaigns.

The archive files, when opened, are designed to display a lure document to the victim, while stealthily loading the malware in the background through a method referred to as DLL side-loading.

The attack chains ultimately lead to the delivery of three malware families – PUBLOAD, TONEINS, and TONESHELL – which are capable of downloading next-stage payloads and flying under the radar.

TONESHELL, the main backdoor used in the attacks, is installed through TONEINS and is a shellcode loader, with an early version of the implant detected in September 2021, suggesting continued efforts on part of the threat actor to update its arsenal.

"Earth Preta is a cyber espionage group known to develop their own loaders in combination with existing tools like PlugX and Cobalt Strike for compromise," the researchers concluded.

"Once the group has infiltrated a targeted victim's systems, the sensitive documents stolen can be abused as the entry vectors for the next wave of intrusions. This strategy largely broadens the affected scope in the region involved."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide

The company emerges from stealth with an automated security remediation product identifies and remediates cloud misconfigurations.

Some of the most common issues in cloud security involve misconfigured systems. Cloud servers may be mistakenly configured to allow anyone on the Internet to access the data. The firewall rules may have inadvertently created a hole big enough for a threat actor to slip through. These kinds of issues trip up enterprises on a regular basis because securing cloud infrastructure is labor-intensive and security operations rely heavily on manual processes to manage the complex environment.

Enter OpsHelm, a cloud security startup which came out of stealth with its automated security remediation product on Thursday. The product monitors the IT environment looking for cloud misconfigurations and makes it possible to fix the issues in a seamless way. The tool integrates with common enterprise communications tools such as Slack or Microsoft Teams and informs the security operations team of the issues as they are found. The team can address the issues and the tool learns what actions should be taken so that it knows how to handle the situation the next time that issue comes up.

"Companies attempt to solve this problem with enhanced visibility into their cloud infrastructure, yet this isn't enough--they are still stuck doing the time-consuming triage and remediation with their limited team resources," Andrew Peterson, co-founder and CEO of Signal Sciences and an investor in the company, said in a statement.

The company says OpsHelm can detect and fix common cloud issues such as misconfigurations, overly permissive firewall rulesets, potential data exposures, unmanaged resources in Infrastructure as Code (IaC), credential sprawl, and unsecured assets exposed to the Internet.

"For example, if S3 buckets are routinely exposed when you stand up new programs, you can eliminate all exposed S3 buckets in seconds and ensure that any new ones are instantly locked down the second they are exposed," Bill Gambardella, OpsHelm CEO and co-founder, wrote on the company's blog. Gambardella was previously COO at Leviathan Security Group and previously ran security at Sprout Social. Other members of the founding team include OpsHelm CTO Kyle McCullough, who was a platform engineer at Sprout Social; COO Bob Bregant and founding engineer Lee Brotherson.

At the moment, OpsHelm integrates with Google Cloud Platform and Amazon Web Services. Support for Microsoft Azure is “coming soon.” Currently in public beta, general availability is expected early next year, the company says.

New Startup OpsHelm Tackles Cloud Misconfigurations

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.

CVE-2022-41155: iQ Block Country

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

 Verified

 Fixed

**4.3**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 2.2.2

PSID 

6cdbd5d983bf

Classification 

Other Vulnerability Type

OWASP Top 10 

A5: Broken Access Control

Required privilege 

Requires subscriber or higher role user authentication.

Publicly disclosed

2022-11-18

**Details**

Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress Plugin for Google Reviews plugin (versions <= 2.2.2).

**Solution**

Update the WordPress Plugin for Google Reviews plugin to the latest available version (at least 2.2.3).

**References**

CVE-2022-45369: WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability - Patchstack

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

CVE-2022-43492: Comments – wpDiscuz

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WatchTowerHQ Website Monitoring: Done Right  
Fed up with using tools that get sold to GoDaddy, lose their founding team, and slowly die?  
Tired of half-assed customer service that takes 72-144 hours to get a response?  
Looking for one solution to cut the costs of many tools?  
Our founding team is intact and not only focused on a world-class customer service experience, we’re focused on making WatchTowerHQ the best tool agencies and companies turn to when managing multiple websites.

**Automated Updates**

Set it and forget it by scheduling WordPress theme and plugin updates in advance. Every Tuesday at 7am? Not a problem with WatchTowerHQ

**Performance Insights**

Wondering why no one stays on your website? It’s probably because it’s slow…like Ford Fiesta slow. Figure out what you need to do to transform it into the Porsche it deserves to be.

**Daily Backups**

Take them daily, store them for a year. Don’t be at the mercy of the intern who accidentally deleted all of your blog posts from the last 6 years. Restore them quickly from one of your backups. Automate these as you would like, or take them manually.

**Historical Data Tracking**

A snapshot in time is great for some. You’re not some. Most are like you, they want to see how data looks over time. Screen shots from last May? Easy peasy. Site speed today relative to 2 months ago? One click.

**Notifications?**

We’ve got you covered. You control who gets alerts, which alerts they get, and when. All for you to control within your account.

**Domain and SSL Registration Monitoring**

The dreaded call from a client at 12:47am when they realize their domain has expired and a 12 year old North Korean is holding it hostage for 72 BTC. Don’t let that happen to you or your clients. Always know when your domain or SSL certificate are about to expire so you can proactively renew.

**Real-time Uptime Monitoring**

Kiss false positives good-bye. Set your limits, get updated when they’re triggered.

**One-Click Access**

Access your WordPress site or staging environment with one click right from the website dashboard.  
WatchTowerHQ is the most robust website monitoring and management tool. Increase operational efficiency by eliminating wasted time, improving your security, and taking preventive action.

**Custom User Roles**

Select from one of WatchTowerHQ’s user roles with granular permissions selection or create custom roles to fit your organizational needs.

Please note that WatchTowerHQ tracks information about your site including:  
\* Domain information (Registrar, DNS, SSL, Blacklist Status, Site & Proxy IP addresses)  
\* WordPress plugins, themes, and core  
\* Google Lighthouse & Google Analytics data  
\* Screen captures  
\* CSS & JavaScript code

After installing the WatchTowerHQ plugin you will need to do a few things to start monitoring your site.  
1\. Activate the WatchTowerHQ plugin.  
2\. Copy the access token found in the WatchTowerHQ Settings (you will need this in a future step).  
3\. Go to WatchTowerHQ to sign up for an account.  
4\. Fill in information about your websites – including the access token that you’d copied earlier.  
5\. Save the website’s information once complete. Happy monitoring!

If you’ve already signed up on WatchTowerHQ, you can also follow the alternative installation:  
1\. Download the WatchTowerHQ client from the Settings dropdown menu  
2\. Go to the Plugins tab in WordPress and select “Add New Plugin”.  
3\. Click the “Upload Plugin” button and upload the zip file you downloaded from WatchTowerHQ.  
4\. Click to activate the client and copy the access token from the WatchTowerHQ settings.  
5\. Go to the “Add new website” form found on the Websites page of your WatchTowerHQ dashboard.  
6\. Select WordPress as your CMS and paste the access token in the space.

**Can I have multiple environments on WatchTowerHQ?**

Yes, you can include your development and other environments to your WatchTowerHQ account for convenient one-click access.

**What does WatchTowerHQ do with my site’s information?**

The information tracked by WatchTowerHQ is used to provide real-time analytics and alerts on your site’s status including vulnerabilities, site downtime, and performance. As well as to notify you about WordPress-specific issues such as abandoned plugins.

**How much is WatchTowerHQ?**

To view our plans and get started with WatchTowerHQ check out our website.

**Can I limit access to other users?**

We have a number of standard roles, that many users requested, along with that we’ve created custom user roles. With custom user roles the options are endless to the access that you can give any one user. Custom User roles are included in all plans at no additional cost.

It's packed with features. One of the best tools available to manage my websites.

Read all 1 review

“WatchTowerHQ” is open source software. The following people have contributed to this plugin.

Contributors

*    watchtowerhq

**3.6.20**

*   remove unused code

**3.6.19**

*   db backup fix

**3.6.18**

*   WordPress 6.1.x compatibility declaration update

**3.6.17**

*   Fix security issue

**3.6.16**

*   Fix security issue

**3.6.15**

*   Fix theme updates info

**3.6.13**

*   Fix plugin updates info

**3.6.12**

*   Fix plugin slug

**3.6.11**

*   Fix plugin slug

**3.6.10**

*   WP 6.x compatibility declaration

**3.6.7**

*   WP 5.9.x compatibility declaration

**3.6.6**

*   fix open basedir warnings

**3.6.1**

*   Add endpoint for removing database backup file

**3.6.0**

*   updated action scheduler

**3.5.69**

*   WP Engine – exception

**3.5.67**

*   code improvements

**3.5.65**

*   code improvements
*   fetch info about debug log

**3.5.1**

*   update action scheduler

**3.5.0**

*   new backup system

**3.4.16**

*   WordPress 5.8 compatibility

**3.4.15**

*   fix UI issue

**3.4.13**

*   better settings UI

**3.4.12**

*   allow resume downloading backup
*   include backup integrity checksum to confirm error free transfer

**3.4.10**

*   code refactoring

**3.4.9**

*   update composer properties

**3.4.8**

*   WordPress 5.7 compatibility

**3.4.4**

*   new backup queue file limits

**3.4.2**

*   increase timeout

**3.4.0**

*   added ZipArchive fallback

**3.3.10**

*   fix curl timeout

**3.3.7**

*   minimum PHP version: 7.1

**3.3.6**

*   readme improvements

**3.3.0**

*   WordPress.org first release.
*   removed custom updates library

Tag

#google