ESET has found that North Korean threat group Hidden Cobra is deploying its Lazarus toolkit by infiltrating South Korean software supply chains. South Korean Internet users are often required to install additional security software before visiting government or financial sites. The application WIZVERA VeraPort is commonly used to manage such additional security, and Hidden Cobra appears able to replace software delivered to WIZVERA VeraPort users from a “legitimate but compromised website” with Lazarus malware. ESET is highly confident in its attribution of the attacks to Pyongyang.
Malwarebytes warns that the “malsmoke” malvertising campaign has forsaken exploit kits for social engineering. The malsmoke gang usually targets high-traffic adult websites, and they’ve most recently been posting notices that visitors to such a page need to install a Java plugin to view the saucy video they came for. Sure, it’s not plausible, but the hoods figure consumers of adult video are unlikely to be skeptical. The hoods are right.
The malsmoke operators aren’t alone. Ironscales sees a general shift toward social engineering in ransomware attacks. Ransomware operations are also well-supported by a strong market for criminal-to-criminal services: Intel471 counts at least twenty-five ransomware-as-a-service outfits currently doing business.
The Wall Street Journal summarizes draft EU privacy rules expected to drastically circumscribe how Europeans’ personal data may be handled when moved outside the EU.
The Washington Post goes out on a limb and predicts that the next big disinformation fight will be over COVID-19 vaccines. We’ll crawl out there too and say they’re probably right.