Join us every Tuesday for the CyberWire's Word Notes, a short podcast that defines a cybersecurity term drawn from our glossary. (If you're tired of bingeing TV shows during lockdown, you can binge Word Notes. And build your vocabulary at the same time.) Tune in for concept and context. Download and enjoy the debut here.
Use Recorded Future Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now at no cost.
A verified but fake Twitter account that had operated in the falsely appropriated name of Dr. Jaouad Mahjour, assistant director-general of the World Health Organization (WHO) has been traced to an Iranian threat actor. The account had followed an Iranian government line of disinformation, tweeting that the US Government (specifically the Trump Administration) had been pushing WHO to test vaccines on prisoners, immigrants, and Black Americans. The Daily Beast claims the operation looks like the work of Endless Mayfly, a Tehran-aligned actor known for impersonation operations.
The Jerusalem Post reports that the Israeli Defence Ministry says it detected and stopped a campaign by North Korea’s Lazarus Group to gain access to Israeli defense companies. The Lazarus Group used a now-familiar tactic: phishing in LinkedIn with bogus job offers to targeted employees. Researchers at ClearSky (which calls the campaign "Operation Dream Job") have details.
Check Point this morning published research indicating flaws in Amazon’s Alexa that could have enabled attackers to access personal information when users interacted with Alexa skills. Users’ information at risk included “voice history, home address and control of their Amazon account.” Amazon has fixed the vulnerabilities to cross-origin resource sharing misconfigurations and cross-site scripting. (In a relevant but unrelated discussion, NIST outlines security considerations for smart home devices.)
The US Cybersecurity and Infrastructure Security Agency (CISA) warned that an “unknown malicious cyber actor” is spoofing a US Small Business Administration COVID-19 loan relief site in phishing emails.
DomainTools has published an update on the Avaddon ransomware-as-a-service operation.
Today's issue includes events affecting Belarus, Canada, China, India, Iran, Israel, the Democratic Peoples Republic of Korea, Russia, and the United States.
Almost none. They're hard to build and hard to maintain, but ExtraHop put in the work to give you full access to Reveal(x) network detection and response without any forms or marketing hype. Enter the live demo now!