Entries by govanguard

SecOps Teams Wrestle with Manual Processes, HR Gaps

Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester Consulting – with respondents painting a picture of major resource and technology gaps hamstringing their efforts to block cyberattacks. According to the just-released 2020 State of Security Operations survey of 314 enterprise security professionals, enterprise […]

Source

Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach

The operators of the Maze ransomware have added a fresh trick to their bag of badness: Distributing ransomware payloads via virtual machines (VM). It’s a “radical” approach, according to researchers, meant to help the ransomware get around endpoint defense. That’s according to researchers with Sophos Managed Threat Response (MTR), who said that the threat actors […]

Source

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here […]

Source

Mozi Botnet Accounts for Majority of IoT Traffic

The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike within it’s telemetry, amid a huge increase in […]

Source

CVE-2019-20919 (dbi)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Source

Source

United States: This Week in Government Enforcement

In brief Please join us for a new weekly video series, hosted by Baker McKenzie’s North America Government Enforcement partners Tom Firestone and Jerome Tomas. This weekly briefing is available on demand and will cover hot topics and current enforcement actions related to white collar crime and criminal investigations in the US and abroad to arm […]

Source

Google Play Bans Stalkerware and 'Misrepresentation'

Google is taking the step of prohibiting “stalkerware” in Google Play, along with apps that could be used in political-influence campaigns. Effective October 1, apps that would allow someone to surreptitiously track the location or online activity of another person will be removed from the internet giant’s official online store. According to Google, stalkerware is […]

Source

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. APT41 (a.k.a. Barium, Winnti, Wicked Panda or Wicked Spider) is known for nation-state-backed cyber-espionage activity as well as financial cybercrime. The Department of Justice alleges that the group “facilitated the […]

Source