A life-long friend of Aung San Suu Kyi has spoken of her worries about her detention. Ann Pasternak Slater, who is also the godmother to one of Aung San Suu Kyi’s sons said she had been following the news “with great concern and great sorrow that the victory they won in the elections which would…
Critical Infrastructure Security , Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks Kaspersky Ties Latest Hacking Campaign and Backdoor to Lazarus Group Doug Olenick (DougOlenick) • February 25, 2021 Lazarus, the North Korean-backed advanced persistent threat group, has been conducting a campaign striking defense industry targets in more than a dozen countries using a…
A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information. This espionage campaign affected organizations from more than a dozen countries and was coordinated by DPRK-backed state hackers tracked as Lazarus Group. The attackers used COVID19-themed spear-phishing…
Governance & Risk Management , IT Risk Management , Patch Management Flaw Allows Unauthorized Users to Send Specially Crafted Requests Prajeet Nair (@prajeetspeaks) • February 25, 2021 Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware…
Researchers: ‘Jian’ Hacking Tool Targeted Zero-Day Flaw in Windows Scott Ferguson (Ferguson_Writes) • February 22, 2021 A Chinese hacking group reportedly “cloned” and deployed a zero-day exploit developed by the U.S. National Security Agency’s Equation Group before Microsoft patched the Windows vulnerability that was being exploited in 2017, according to an analysis published…
Cybercrime , Endpoint Security , Fraud Management & Cybercrime Called Serious Threat, But Has Yet to Take Malicious Action Doug Olenick (DougOlenick) • February 23, 2021 A previously undetected malware variant has infected almost 30,000 Apple Macs. But researchers so far have not seen it deliver any malicious payloads to compromised endpoints, according…
The New York Department of Financial Services (“NYDFS”) recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk. The stated goal of the Framework is to grow “a robust cyber insurance market that maintains the financial stability of insurers and protects insureds.” While the Framework is directed…
Greece is hoping European countries will adopt a Covid-19 vaccine certificate system to make tourism easier during the summer. A digital vaccination certificate would make travel smoother, Akis Skertsos, deputy minister to Greece’s prime minister explained. He told BBC World News: “We don’t think that this is discriminatory at all. Restrictions are already in place…
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! | IT Security News 25. February 2021 The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We’ve detected mass scanning activity targeting vulnerable…
Cryptocurrency Fraud , Fraud Management & Cybercrime , Legislation & Litigation $70 Million Allegedly Lost to Schemes Such as Bitcoiin2Gen Touted by Steven Seagal Mathew J. Schwartz (euroinfosec) • February 25, 2021 Bitcoiin2Gen in 2018 said “Zen Master Steven Seagal” had become its “brand ambassador.” If there’s anything to put the final nail…
