Security News

US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks
2024-07-25 17:17

The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker identified as Rim Jong Hyok. Part of the Andariel North Korean hacking group, Hyok and other Andariel operatives were linked to Maui ransomware attacks targeting critical infrastructure and healthcare organizations across the United States.

Uncle Sam accuses telco IT pro of decade-long spying campaign for China
2024-07-25 17:15

"The MSS often uses 'cooperative contacts' located in countries outside of the PRC in furtherance of their intelligence goals, which include obtaining information concerning foreign corporate or industrial matters, foreign politicians or intelligence officers, and information concerning PRC political dissidents residing in those countries," the Department of Justice said, announcing the charges. In 2012, Li is alleged to have gathered biographical information about an individual associated with the Falun Gong religious movement and passed it back to the MSS within a week of receiving the order.

Meta nukes massive Instagram sextortion network of 63,000 accounts
2024-07-25 16:54

Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. The social media giant said these accounts are linked to an organized cybercrime group called 'Yahoo Boys,' which has recently increased its operational volume.

Progress warns of critical RCE bug in Telerik Report Server
2024-07-25 15:46

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization.

French police push PlugX malware self-destruct payload to clean PCs
2024-07-25 15:24

The French police and Europol are pushing out a "Disinfection solution" that automatically removes the PlugX malware from infected devices in France. The operation is conducted by the Center for the Fight Against Digital Crime of the National Gendarmerie with assistance from French cybersecurity firm Sekoia, which sinkholed a command and control server for a widely distributed PlugX variant last April.

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
2024-07-25 14:08

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. "APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said.

You should probably fix this 5-year-old critical Docker vuln fairly sharpish
2024-07-25 13:46

Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years. By sending a body-less request, an attacker can force the Docker Engine API client to forward that request to an authorization plugin, which may, in error, approve a request that would have been denied if the body content was forwarded to it.

Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete
2024-07-25 13:37

Once upon a time, I.T. security teams depended on hodgepodges of different cybersecurity solutions from various vendors. In a webinar for MSP and SME leaders, Cynet experts will explain how these challenges are driving unprecedented demand for "All-in-One" cybersecurity solutions.

Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review
2024-07-25 12:01

Despite the Feds' determination to ban Kaspersky's security software in the US, the Russian business is moving forward with another proposal to open up its data and products to third-party review - and prove to Uncle Sam that its code hasn't been compromised by Kremlin spies. Kaspersky started talking about this new "Comprehensive assessment framework" to verify its security products, software updates, and threat detection rules a week ago, and exclusively provided additional details to The Register about the verification system it presented to the US Department of Commerce.

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
2024-07-25 11:51

A critical-severity Docker Engine vulnerability may be exploited by attackers to bypass authorization plugins via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," Docker Senior Security Engineer Gabriela Georgieva explained.