Wed.Feb 17, 2021

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

The U.S.

3 North Koreans Indicted for Stealing $1.3 Billion

Data Breach Today

Federal Prosecutors Say Hackers Work for Military Intelligence Unit Three North Koreans have been indicted for allegedly taking part in a criminal conspiracy to steal or extort $1.3 billion in cryptocurrency and cash from banks and other organizations around the world, the U.S.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Malware Is Now Targeting Apple’s New M1 Processor

WIRED Threat Level

Two distinct strains of malware have already adjusted to the new silicon just months after its debut. Security Security / Cyberattacks and Hacks

IT 108

Apple Patches Flaw in macOS Big Sur Upgrade

Data Breach Today

Vulnerability Could Lead to Data Loss Apple has patched a vulnerability in macOS Big Sur 11.2 and 11.3 upgrades that could have resulted in users getting stuck in a boot loop, suffering serious data loss and potentially getting locked out of their data

166
166

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Browser Tracking Using Favicons

Schneier on Security

Interesting research on persistent web tracking using favicons. For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.).

Paper 99

More Trending

Ransomware? Let's Call It What It Really Is: Extortionware

Dark Reading

Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay

IT 94

Senators Push for Action on Water Treatment Hack Investigation

Data Breach Today

Warner, Rubio Say Incident Raises Broader Security Issues Sen. Mark Warner, D-Va., is demanding more information from the FBI and the EPA about the Feb. 5 hacking of a water treatment facility in Oldsmar, Florida. Meanwhile, Sen. Marco Rubio, R-Fla.,

Breach Etiquette: How to Mind Your Manners When It Matters

Dark Reading

Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage

IT 93

PACS Flaws Put Data at Risk for 18 Months

Data Breach Today

California Medical Imaging Group Describes Data Exposure A California medical imaging group practice says vulnerabilities in its picture archiving and communications system left patient data at risk of unauthorized access for more than a year

Risk 159

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Egregor Arrests a Blow, But Ransomware Will Likely Bounce Back

Dark Reading

Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say

Becoming a CISO: Many Paths to Success

Data Breach Today

Mike Hamilton, founder and CISO of CI Security, followed an unusual path that led him to a career in cybersecurity. He says those who, like him, lack a formal education in security can build successful CISO careers

The OpenSSL Project addressed three vulnerabilities

Security Affairs

The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection.

File-Sharing App SHAREit for Android Has Remote Code Flaw

Data Breach Today

Trend Micro: Users Face Risk of Data Theft A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro

Risk 135

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

4 Predictions for the Future of Privacy

Dark Reading

Use these predictions to avoid pushback, find opportunity, and create value for your organization

US DoJ charges three members of the North Korea-linked Lazarus APT group

Security Affairs

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3

Feds Indict North Korean Hackers for Years of Heists

WIRED Threat Level

The three men are allegedly part of a group that tried to steal $1.3 billion in an extended—and ongoing—cybercrime spree. Security Security / Cyberattacks and Hacks

ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

Security Affairs

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed

Threatpost

Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. Vulnerabilities Web Security

Kia Faces $20M DoppelPaymer Ransomware Attack

Dark Reading

Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign

Threatpost

The WatchDog malware has flown under the radar for two years in what researchers call one of the 'largest' Monero cryptojacking attacks ever. Malware

98

White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign

Dark Reading

Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Threatpost

A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain. Malware Web Security

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Security Affairs

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers.

IT 63

U.S. Accuses North Korean Hackers of Stealing Millions

Threatpost

The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea

92

TikTok breaching users’ rights “on a massive scale”, says European Consumer Group

IT Governance

TikTok has been accused of breaching users’ rights “on a massive scale” by the European Consumer Group.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Achieving Seamless eDiscovery

OpenText Information Management

Business and litigation go hand in hand in the 21st century. From litigation support personnel to the lawyers themselves, organizations face a common challenge: how to streamline processes and procedures to simplify and thoroughly respond to on-going litigation requests.

Parler Says It's Back

WIRED Threat Level

The platform was kicked off Amazon's servers. Now it says it's no longer relies on "Big Tech" for its infrastructure. Security Security / Security News

IT 63

US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B

Dark Reading

FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018

61