WIRED: Good Luck Not Accidentally Hiring a North Korean Scammer

WIRED: Good Luck Not Accidentally Hiring a North Korean Scammer. “Last week, the US Treasury, State Department, and Federal Bureau of Investigation jointly issued a 16-page alert warning businesses to guard against a particular scam in which North Korean IT workers apply for freelance contracts—often with wealthy North American, European, and East Asian firms—to generate revenue for their country. The workers pose as IT workers of other nationalities, pretending to be remote workers from South Korea, China, Japan, Eastern Europe, or the US. The alert notes that there are thousands of North Korean IT workers taking on such contracts.”

Lawfare Blog: How to Fight Foreign Hackers With Civil Litigation

Lawfare Blog: How to Fight Foreign Hackers With Civil Litigation. “Since 2010, Microsoft alone has won court orders to seize command and control (C2) servers and sinkhole malicious traffic in 24 cases, seizing a total of more than 16,000 malicious domains. Mechanically, these cases work a lot like the Justice Department’s botnet takedowns: Both entities compile evidence that particular domains are being used to control botnets and use that evidence to obtain court orders requiring U.S.-based domain registries to redirect those domains to servers controlled by the entity that sought the order, among other possible court-authorized remedies.”

Engadget: Twitter’s security leads are leaving the company

Engadget: Twitter’s security leads are leaving the company. “The company confirmed to The New York Times that former head of security Peiter Zatko has departed, while chief information security officer Rinki Sethi will leave Twitter in the coming weeks. Agrawal is said to have told employees this week that the personnel decisions were made after ‘an assessment of how the organization was being led and the impact on top priority work.’”

TechCrunch: DocuSign phishing campaign targets low-ranking employees

TechCrunch: DocuSign phishing campaign targets low-ranking employees. “Phishing actors are following a new trend of targeting non-executive employees but who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level.”

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market. “Cyberattacks have been increasing in both frequency and severity, but it’s not just because malicious actors are upping their game (though they very much are). Many cybersecurity veterans feel that the effective solutions the industry has put out over the years aren’t fully being taken advantage of, and now a new report from IBM sheds light on the ways enterprises are leaving the door wide open. It also details a ‘booming’ dark web marketplace for compromised cloud accounts, where some credentials are selling for just a few dollars.”

VentureBeat: 3 SSL VPN vulnerabilities disclosed in 2019 are still routinely exploited

VentureBeat: 3 SSL VPN vulnerabilities disclosed in 2019 are still routinely exploited. “Vulnerabilities in SSL VPN products are some of the most exploited by attackers for initial access to target networks, acting as a doorway for exploitation. Earlier this year, Tenable Research named three VPN vulnerabilities as part of its Top Five Vulnerabilities of 2020. Although all three vulnerabilities (CVE-2019-19781, CVE-2019-11510, CVE-2018-13379) were disclosed in 2019 and patched by January 2020, they continue to be routinely exploited more than halfway through 2021.”

Microsoft warns cloud customers of flaw that may have exposed databases: report (MarketWatch)

MarketWatch: Microsoft warns cloud customers of flaw that may have exposed databases: report. “Reuters reported that Microsoft warned of a major flaw in its flagship Azure Cosmos DB database service, which could allow hackers to read, change or delete data. The vulnerability was discovered by cybersecurity company Wiz, whose chief technology officer used to be CTO for Microsoft’s cloud security unit. Microsoft agreed to pay Wiz $40,000 for reporting the flaw, Reuters reported, citing an email.”

Wanted: Disgruntled Employees to Deploy Ransomware (Krebs on Security)

Krebs on Security: Wanted: Disgruntled Employees to Deploy Ransomware. “Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.”

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test. “NATURAL LANGUAGE PROCESSING continues to find its way into unexpected corners. This time, it’s phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale.”

Wired: A New Tool Wants to Save Open Source From Supply Chain Attacks

Wired: A New Tool Wants to Save Open Source From Supply Chain Attacks. “RUSSIA’S HISTORICALLY DESTRUCTIVE NotPetya malware attack and its more recent SolarWinds cyberespionage campaign have something in common besides the Kremlin: They’re both real-world examples of software supply chain attacks. It’s a term for what happens when a hacker slips malicious code into legitimate software that can spread far and wide. And as more supply chain attacks emerge, a new open source project is angling to take a stand, making a crucial safeguard free and easy to implement.”