South Korean industrial conglomerate Hanjin Heavy Industries appears to have sustained a cyber attack (espionage was the apparent goal) on April 20. The RoK Defense Security Command has opened an investigation. North Korea is the prime suspect as usual and on form. CSO says it’s in touch with researchers who’ve seen signs of the DPRK-linked Lazarus Group’s resurrection.
Symantec notes that one of the bugs Microsoft patched yesterday, IE remote-code-execution vulnerability CVE-2016-0189, has been exploited in targeted espionage directed against South Korean targets.
Sophos publishes some interesting research into the state of what Naked Security calls “the anti-anti-virus arms race.” They outline some of the techniques malware developers are embedding in their code to fingerprint specific victim devices.
Microsoft issued sixteen patches yesterday (Threatpost calls the total “hefty”), eight of which Redmond rated critical. Those eight involved the aforementioned Internet Explorer, Edge, JScript and VBScript scripting engines in Windows, Office, Microsoft Graphics Component, Windows Journal, and Windows Shell.
Adobe also updated PDF Reader and ColdFusion yesterday. The company said it intends to issue another Flash Player update later this week.
In industry news, neither Pwnie Express nor Bayshore Networks appears to be suffering from a venture capital drought rumored to affect the cyber sector. Pwnie Express received $12.9 million in Series B funding from Ascent Venture Partners and others to fund the company’s push into IoT security markets. Bayshore’s $6.6 million in Series A funding (Trident Capital Cybersecurity) is also IoT-related, in this case directed at industrial security products.