The US government is aggressively pursuing three men accused of wide-ranging and complex conspiracies of laundering stolen and illicit cryptocurrency that the North Korean regime used to finance its massive weapons programs.…
ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software
The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity
Sponsored Feature Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule – the microprocessor in 1968, the IBM PC in 1981, the web in 1989, the smartphone in 2007. These are the technologies whose appearance began new eras that completely reshaped the industry around them.…
A great blog post from Outflank, and a must-read for CISOs and technical blue teams! The post outlines common controls and strategies deployed to mitigate Microsoft Office macro security issues. They also introduce LOLdocs from a recent Brucon talk, detailing how vulnerabilities in signed #microsoft Office content might be abused to bypass even strictly configured MS Office installs. Awesome.
Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious code.…
RSA Conference A group of some of the largest operational technology companies are using this year's RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial control systems (ICS) environments. …
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.…