Crypto hacker offered reward after $600m heist

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Malware as-a-Service Google: Attackers Leverage Social Media Accounts Akshaya Asokan (asokan_akshaya) • April 2, 2021     Screenshot of the fake “SecuriElite” website (Source: Google TAG) A North Korean government-backed threat group that was detected targeting security researchers in January is once again staging a…

Governance & Risk Management , Identity & Access Management , IT Risk Management Discussion Tackles Critical Risk Management Issues Anna Delaney (annamadeline) • April 1, 2021     Clockwise, from top left: Suparna Goswami, Anna Delaney, Mathew Schwartz and Tom Field Four editors at Information Security Media…

Endpoint Security , Governance & Risk Management , IT Risk Management Flaw Could Enable Access to Secret Encryption Key Prajeet Nair (@prajeetspeaks) • March 1, 2021     Rockwell’s Studio 5000 Logix Designer is among products affected by a vulnerability. (Source: Rockwell) A critical authentication bypass vulnerability could enable hackers to remotely compromise programmable logic…

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. In total, nine Bahraini activists (including members of the Bahrain Center for Human Rights, Waad, Al Wefaq) had their iPhones hacked in a campaign partially orchestrated by a Pegasus operator linked with high confidence…

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange…

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters. A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released…