Security News > 2021 > May

Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. Last year, cybersecurity company ClearSky published a report about the financially motivated CryptoCore campaign that targeted cryptocurrency wallets belonging to exchanges or their employees.

In early March, a Boston-based vote-counting firm called Clear Ballot Group sent a bid to Arizona's state Senate to audit the 2020 presidential election results in Maricopa County. Instead, the state Senate hired a small Florida-based cybersecurity firm known as Cyber Ninjas that had not placed a formal bid for the contract and had no experience with election audits.

The U.S. government is hoping to obtain additional information on the 2017 hacker attack targeting the EtherDelta cryptocurrency trading platform and it has asked victims of the incident to come forward. EtherDelta was a decentralized trading platform for Ether and Ethereum-based tokens.

Researchers at cybersecurity firm Check Point discovered that many Android applications publicly expose sensitive user data through misconfigured third-party services. The exposed data, which pertains to more than 100 million Android users, includes chat messages, emails, passwords, location information, user identifiers, photos, and more.

The big telecommunications companies paid millions of dollars to specialist "AstroTurf" companies to generate public comments. These companies then stole people's names and email addresses from old files and from hacked data dumps and attached them to 8.5 million public comments and half a million letters to members of Congress.

A Michigan man has pleaded guilty to hacking a University of Pittsburgh Medical Center employee database, stealing the personal information of more than 65,000 people and then selling the information online. Johnson pleaded guilty Thursday to two of the 43 counts against him, one count of conspiracy and one count of aggravated identity theft.

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "Medium-high" likelihood to the Lazarus Group, researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies.

Desktop OSes are more vulnerable than mobile OSes, purely because they're general purpose tools designed to run arbitrary code from arbitrary sources. Despite the growth of the sandboxed browser model, most obviously expressed in Chromebooks bringing mobile security sensibilities into the edge of the desktop, the basic utility of the general purpose OS cannot be sanitised into total safety.

The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware. Zeppelin ransomware is also referred to as Buran and has its origin in the Vega/VegaLocker family, a Delphi-based ransomware-as-a-service observed on Russian-speaking hacker forums in 2019.

Today's enterprise should feel confident that the data management solution can provide the visibility and granular data security capabilities to support long-term data retention at scale. Active data governance - The best data management systems learn from user activity and put policies into action in users' workflows-an approach to data governance that actually works.