Lazarus APT conceals malicious code within BMP image to drop its RAT
blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/
Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a complex targeted phishing attack against security researchers.
Malware That Spreads Via Xcode Projects Now Targeting Apple’s M1-based Macs
thehackernews.com/2021/04/malware-spreads-via-xcode-projects-now.html
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple’s new M1 chips and expand its features to steal confidential information from cryptocurrency apps.
Malvertisers hacked 120 ad servers to load malicious ads
therecord.media/malvertisers-hacked-120-ad-servers-to-load-malicious-ads/
A malvertising operation known under the codename of Tag Barnakle has breached more than 120 ad servers over the past year and inserted malicious code into legitimate ads that redirected website visitors to sites promoting scams and malware.
Cryptoscam with fake mining equipment
www.kaspersky.com/blog/cryptoscam-fake-antminer/39398/
How fake sellers are stealing bitcoins from buyers of sought-after mining equipment. Rising cryptocurrency prices have led to an increase in demand for mining equipment, but COVID-19 restrictions have led to a drop in supply. As a result, the world is witnessing another shortage of powerful video cards and cryptomining equipment, with months-long wait times for new deliveries. Cybercriminals, as always, are looking to capitalize on the crisis.
Passwordless: More Mirage Than Reality
thehackernews.com/2021/04/passwordless-more-mirage-than-reality.html
The concept of “passwordless” authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn’t want an easier way?
Zero trust, basic cyber hygiene best defence against third-party attacks
www.zdnet.com/article/zero-trust-basic-cyber-hygiene-best-defence-against-third-party-attacks/
Rather than entrust third-party suppliers to keep their supply chain secured, organisations should adopt a zero trust security strategy and establish basic cyber hygiene to safeguard their data. Adopting a zero trust security strategy can better safeguard organisations against third-party attacks, where suppliers should not simply be entrusted to do the right thing. In this second piece of a two-part feature, ZDNet looks at how businesses in Asia-Pacific can establish basic cyber hygiene as well as better data management to combat attacks from across their supply chain.