CVE-2021-1522

Critical Infrastructure Security , Cybercrime , Cybercrime as-a-service With Nonstop Cryptocurrency Paydays, No Wonder Extortionists Love Ransomware Mathew J. Schwartz (euroinfosec) • June 10, 2021     Ransom note for a REvil – aka Sodinokibi – ransomware infection (Source: Cisco Talos) Is it any wonder that criminals keep flocking to ransomware when their individual haul…

Governance & Risk Management , IT Risk Management , Patch Management Experts Stress Importance of Upgrading the Tool and Auditing Files Prajeet Nair (@prajeetspeaks) • May 5, 2021     A patch has been issued for a serious vulnerability that affects PHP Composer – a tool used to manage and install software dependencies in the…

Blockchain & Cryptocurrency , Cryptocurrency Fraud , Cybercrime Authorities Say Exchanges Allegedly Facilitate Money Laundering Prajeet Nair (@prajeetspeaks) • August 14, 2021     U.S. dollars and other currency seized by Ukranian police this week from an alleged illegal cryptocurrency exchange (Source: Security Service of Ukraine) Ukrainian police this week shuttered a series of allegedly…

Cryptocurrency Fraud , Cybercrime , Cyberwarfare / Nation-State Attacks Magecart-Style Attacks Included Bitcoin-Grabbing Functionality, Group-IB Reports Mathew J. Schwartz (euroinfosec) • April 15, 2021     Fake payment form, which opens in an iFrame element, discovered in Magecart-style attacks attributed to Lazarus (Source: Group-IB) Hackers with apparent ties to North Korea that hit e-commerce shops…

Defense Vague contract language hampers cybersecurity for weapons systems, GAO says By Lauren C. Williams Mar 08, 2021   The cybersecurity of the Defense Department’s weapons systems may hinge on clear contract requirements, according to a recent report. The Government Accountability Office found that missing or vague cybersecurity requirements in acquisitions contracts for…