Security News > 2020

The advanced persistent threat known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. That's the finding from Kaspersky researchers, who found that Lazarus Group - widely believed to be linked to North Korea - recently attacked a pharmaceutical company, as well as a government health ministry related to the COVID-19 response.

IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks. This type of automated response is not lost upon cybercriminals, nor on Chris Poulin, who was a strategist at IBM's X-Force, when he wrote his IBM Security Intelligence commentary 6 Psychological Elements Behind Sophisticated Cyber Attacks, which looks at how cybercriminals leverage human traits to improve their odds of a successful attack.

Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results. Titled "Enemies of the People," the website was created on December 6, and by the middle of the month included personal details of individuals that did not support the current U.S. President's claims of voter fraud.

When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing. At the same time, they're offloading this data to a potentially unsecured third party.

The North Korea-linked threat actor known as Lazarus was recently observed launching cyberattacks against two entities involved in COVID-19 research. Active since at least 2009 and believed to be backed by the North Korean government, Lazarus is said to have orchestrated some high-profile attacks, including the WannaCry outbreak.

A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. One recipient said they fell for the scam after their card was denied in a purchase online and thought the email was a legitimate Chase fraud alert.

The same group of researchers had already discovered ways that various forms of technology can potentially violate user privacy by engaging in what they call "Acoustic snooping." Last year, they published research on how a smartphone app has the ability to record the sound from its microphones and figure out from that what someone has typed, giving it the potential to steal PINs and passwords. The new research also builds on previous research that found that voice assistants could record the typing of keys on a computer to determine someone's input, Anderson wrote in a blog post.

Several critical vulnerabilities have been found by researchers in products from PTC-owned industrial automation solutions provider Kepware. The U.S. Cybersecurity and Infrastructure Security Agency last week published two advisories describing vulnerabilities identified in Kepware products.

After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. "The Emotet botnet is one of the most prolific senders of malicious emails when it is active, but it regularly goes dormant for weeks or months at a time," said Brad Haas, researcher at Cofense, in a Tuesday blog.

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. Google Project Zero security researcher Maddie Stone discovered that Microsoft's patch in June did not fix the original vulnerability and it can still be leveraged with some adjustments.