APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]
Cisco issues critical security warning for Nexus data-center switches
Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources. The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, […]
Authorities Dismantle Ransomware Cybergang
Five Romanian nationals suspected of being part of a cybercrime g
Moving Beyond "Moving Left": The Case for Developer Enablement
For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new wave of what […]
3 ways IoT security concerns are taken out of context
This Saturday was like most every other day for me. I opened my RSS Internet of Things (IoT) news feed and there were three more articles telling me that consumers don’t trust IoT security. IoT security alerts have been so frequent and regular for so long now that just like a “check engine light” in […]
Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
A vulnerability known as Wormhole that reportedly affected the software development kit (SDK) Moplus by Baidu is making waves due to the severity of the impact once successfully exploited. The said vulnerability was discovered by WooYun.org, a vulnerability reporting platform in China. However, as our investigation on this security bug unfolded, we found out that […]
More information
- Online banking and plastic card-related fraud in India increases 35 percent
- Nvidia patches severe bugs in edge computing modules
- Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
- Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021
- Christmas Ransomware Attack Hit New York Airport Servers
- Microsoft Windows Kernel ‘Win32k.sys’ CVE-2017-0263 Local Privilege Escalation Vulnerability
- EU Court Curbs Mass Phone Data Grab by Spy Agencies
- US Puts New Controls on Israeli Spyware Company NSO Group
- Online: The Other Side of Terrorism
- 23-year-old Student, Daniel Stratman, Sentenced for Hacking