The US Securities and Exchange Commission has filed a civil complaint against nine defendants in connection with the 2016 hack of the SEC's EDGAR reporting system. The alleged hackers are a global lot, hailing from Ukraine, Russia, and California. The SEC says the defendants made about $4.1 million through illicit trading in non-public information. In a parallel action, the US Justice Department indicted two gentlemen from Kiev, both also named in the SEC's action, on sixteen counts of "securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud."
Flashpoint has found the Lazarus Group's spoor in last month's attack on Chile's Redbanc. It was a social engineering attack with job-offering phishbait.
Website Planet outlines the client-side vulnerabilities it found in major web-hosting platforms.
WhiteHat has released its study of last year's top-ten application vulnerabilities. Number one on the list is a jQuery File Upload exploit.
Coveware outlines an unusually cruel and repellent Cryptomix ransomware campaign: this one spreads by emails representing themselves as coming from a charity devoted to helping children who suffer from cancer. The charity is bogus, but the children used as phishbait, alas, are all too real.
If you really must play Fortnite, Check Point recommends enabling two-factor authentication on your account. There's account hijacking afoot, much of it enabled by dodgy sites promising ways of accumulating V-bucks in-game currency at a discount. European Union Anti-Corruption warns that Fortnite (with its V-bucks) is growing increasingly popular with organized crime as a money-laundering medium.