Twitter alludes to "spear phishing." GuLoader is back. DPRK's Operation North Star. "Deceptikons" for hire. Recommendations from NSA, NIST.
According to Twitter, the social engineering that enabled attackers to compromise high-profile accounts to run a Bitcoin scam was accomplished through “a phone spear phishing attack.” It’s unclear exactly what that means (Graham Cluley speculates that it involved Twitter help desk impersonation), but Twitter says it’s increasing security.
Malwarebytes says that GuLoader has returned to use by a malspam campaign after a period of quiet that began in June.
McAfee researchers describe Operation North Star, a North Korean cyberespionage campaign that prospects workers in the defense and aerospace sector with bogus job offers. Pyongyang has used this approach intermittently since 2018. LinkedIn has again been used to communicate the offers, which are subsequently baited with malicious code.
European law firms are being targeted by a “hacker-for-hire mercenary group,” ZDNet reports. The group, which is known by the playground nom-de-hack “Deceptikons,” has been described by Kaspersky researchers. The company’s APT Trends Threat Report for 2020’s second quarter describes the group as “clever” as opposed to “technically advanced.” The Deceptikons have been active for a decade, and are most interested in collecting financial information, client information, and details of negotiations.
NSA has issued mitigation advice for the BootHole vulnerability Eclypsium disclosed this week. Users can either update the endpoints’ vulnerable boot components and revoke the trust of existing boot components, or they can implement Secure Boot trust infrastructure and customize endpoints to use it.
NIST reminds critical infrastructure operators that the Institute has guidelines available for secure engineering that can reduce risk.
Today's issue includes events affecting Australia, Canada, China, Estonia, the European Union, India, the Democratic People's Republic of Korea, Morocco, New Zealand, the Philippines, Portugal, Russia, Ukraine, the United Kingdom, and the United States.