Security News > 2022 > April

North Korea targeting blockchain, cryptocurrency companies. A joint advisory from CISA, the FBI and the US Treasury Department describes the recent activities of the Lazarus Group, a North Korean state-sponsored advanced persistent threat that targets organizations in the blockchain and cryptocurrency industries.

YouTube has blocked the campaign account of Hong Kong's only candidate for the Special Administrative Region's head of government, John Lee Ka-chiu, citing US sanctions. Lee, often referred to as "Pikachu" by the Hong Kong anti-establishment faction as it sounds similar to "Lee Ka-chiu," stepped down from his position as Secretary for Security in Hong Kong to run for the chief executive spot.

Binance has announced significant changes to its services for Russia-based users, which mark the company's effort to comply with the European Union's fifth package of sanctions against Russia. According to the announcement, Binance accounts held by Russian nationals, persons residing in Russia, or entities established there, with a balance of over €10,000, will be restricted to withdrawals only.

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalan separatists.

More than a year after it was essentially shut down, the notorious Emotet malware operation is showing a strong resurgence. Kaspersky now reports that a rapidly accelerating and complex spam email campaign is luring targets with fraudulent messages designed to trick them into unpacking and installing the Emotet or Qbot malware, which can steal information, collect data on a compromised corporate network, move laterally through the network, and install ransomware or other trojans on networked devices.

Cisco has released security updates to address a high-severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow unauthenticated attackers to steal admin credentials remotely. Fraser Hess of Pinnacol Assurance found the flaw in the key-based SSH authentication mechanism of Cisco Umbrella VA. Cisco Umbrella, a cloud-delivered security service used by over 24,000 organizations as DNS-layer protection against phishing, malware and ransomware, uses these on-premise virtual machines as conditional DNS forwarders that record, encrypt and authenticate DNS data.
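The summary above does not say what was wrong with the appliance's SSH key handling; Cisco's own advisory for this issue describes a static SSH host key shared across installations. Whatever the specific product, the check a practitioner wants is whether several of their own appliances present the same host key, since a key baked into an image rather than generated per install lets anyone who extracts it impersonate every appliance over SSH. The following is an added example, not code from Cisco or from the page: it parses known_hosts-style entries (constructed, with hypothetical hostnames and synthetic key blobs) and reports any SHA256 fingerprint presented by more than one host.

```python
"""Flag SSH host keys that more than one host presents in a known_hosts file.

Added example, not code from Cisco or from the advisory. All hostnames and
key blobs below are constructed for this example.
"""
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

# Synthetic key blobs standing in for the base64 public-key field of a
# known_hosts entry. Real blobs are SSH wire-format public keys; the
# fingerprint arithmetic below is identical either way.
SHARED_BLOB = base64.b64encode(b"constructed-shared-host-key").decode()
UNIQUE_BLOB = base64.b64encode(b"constructed-unique-host-key").decode()

# Constructed known_hosts content: two appliances answer with the same key,
# a bastion has its own, and a revoked entry reuses the bastion's key.
SAMPLE_KNOWN_HOSTS = f"""\
# hypothetical hosts for this example
umbrella-va-1.example.internal ssh-ed25519 {SHARED_BLOB}
umbrella-va-2.example.internal,10.0.0.12 ssh-ed25519 {SHARED_BLOB}
bastion.example.internal ssh-ed25519 {UNIQUE_BLOB}
@revoked old-va.example.internal ssh-ed25519 {UNIQUE_BLOB}
"""


def parse_known_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Return (hosts, key_type, key_blob) triples from known_hosts text.

    Comments and blank lines are skipped. Lines with a leading '@cert-authority'
    or '@revoked' marker are skipped too: a CA key is expected to vouch for many
    hosts, and a revoked key is already known bad. Comma-separated names on one
    line ("host,1.2.3.4") are aliases of a single host and are kept together so
    they are not reported as two machines sharing a key. Hashed hostnames
    ("|1|salt|hash") are grouped like any other name, just less readable.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@") or len(fields) < 3:
            continue
        hosts, key_type, key_blob = fields[0], fields[1], fields[2]
        entries.append((hosts, key_type, key_blob))
    return entries


def fingerprint(key_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(text: str) -> Dict[str, List[str]]:
    """Map each fingerprint presented by more than one host to those hosts."""
    hosts_by_fp = defaultdict(set)
    for hosts, _key_type, key_blob in parse_known_hosts(text):
        hosts_by_fp[fingerprint(key_blob)].add(hosts)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_KNOWN_HOSTS).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

To run this against a real fleet, collect keys with `ssh-keyscan` into a file and pass its contents to `find_shared_host_keys`; any fingerprint that comes back for two different appliances deserves an explanation, and a fresh per-host key if there is none.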

VMware released a report that takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing more destructive attacks and falling victim to ransomware more often than in years past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to target market strategies, take over brokerage accounts, and island-hop into banks.

The Federal Bureau of Investigation says the BlackCat ransomware gang, also known as ALPHV, breached the networks of at least 60 organizations worldwide between November 2021 and March 2022. The flash alert is part of a series of similar reports highlighting the tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with ransomware variants identified during FBI investigations.

A new set of phishing attacks delivering the more_eggs malware has been observed targeting corporate hiring managers with bogus resumes as the infection vector, a year after candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement.

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published this week.