Security News
South Korean officials have admitted that government nuclear think tank Korea Atomic Energy Research Institute was hacked in May 2021 by North Korea's Kimsuky group. Malware analyst group IssueMakersLab said in a report that it detected an attack on KAERI on May 14th. The attack saw incoming heat from 13 internet addresses, of which one was traceable to Kimsuky.
The new name is a tongue-in-cheek combination of the Russia-linked Fancy Bear advanced persistent threat and North Korea's Lazarus Group. According to Proofpoint, this time around the gang has been sending threatening, targeted emails to various organizations, including those operating in the energy, financial, insurance, manufacturing, public utilities and retail sectors - asking for a two-Bitcoin starting ransom if companies want to avoid a crippling DDoS attack.
Once they've identified a tempting asset to exploit, attackers employ techniques to find a vulnerability. Some attackers use tried-and-true methods, but the most creative in the group find ways to exploit systems through unexpected vectors.
The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website. "If you are using The Plus Addons for Elementor plugin, we strongly recommend that you deactivate and remove the plugin completely until this vulnerability is patched," researchers said.
Maza, a place online for fraudsters and extorters to connect to pull off their operations, has been breached by an unknown attacker, in just the latest in a series of attacks targeting elite Russian-language cybercrime forums. These forums are where threat actors can go to access ransomware-as-a-service tools, launder stolen money and even get advice on how to improve their crimes, Flashpoint vice president Thomas Hofmann explained to Threatpost.
It's notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking aim at the Oracle MICROS Restaurant Enterprise Series 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide, according to ESET. The attacks have mainly been in the U.S., researchers said - though the initial infection vector is unknown.
Cyberattackers have reached a peak of sending 1.5 million malicious emails per day related to the COVID-19 pandemic over the course of the last three months, according to new research. "We saw a rise in unwanted emails containing embedded URLs using the keywords of 'COVID' or 'corona,' from negligible values in January 2020 to over half a million blocked per day the end-of-March onwards," he wrote in the post.
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures. Bad actors have added a new snare to their bag of social engineering tricks- malicious OneDrive, Google Drive, iCloud, and Dropbox links.
Across the board, malicious cyber-activity was down partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity. This decrease in activity also tracks to the heightened malicious activity Nuspire researchers saw at the beginning of 2019.
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN.