Image: Shutterstock

3CX Desktop Client Under Supply Chain Attack

Prajeet Nair • March 30, 2023

Suspected North Korean hackers trojanized installers of a voice and video calling desktop client made by 3CX and used by major multinational companies. The vulnerability traces to a poisoned Electron software library file, an open-source framework for user interfaces.

►

Cybercrime

Online Card Fraud Flourishes, Thanks to the Magnetic Stripe

Latest

Blockchain & Cryptocurrency

Cryptohack Roundup: Euler Finance, SafeMoon, BitKeep

Rashmi Ramesh • March 30, 2023

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.

Cyberwarfare / Nation-State Attacks

Leaks Reveal Moscow Source for Hacking, Disinformation Tools

Mathew J. Schwartz • March 30, 2023

Leaked documents from a Moscow IT consultancy reveal how the Russian government has commissioned tools for its military and intelligence agencies for conducting cyber operations, information warfare, and controlling the internet, as well as training critical infrastructure hackers.

Fraud Management & Cybercrime

Breach Roundup: Lumen, QNAP, NCB and Toyota Italy

Mihir Bagwe • March 30, 2023

In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.

Fraud Management & Cybercrime

Ransomware Groups Hit Unpatched IBM File Transfer Software

Mathew J. Schwartz • March 30, 2023

Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.

Anti-Phishing, DMARC

Phishing Campaign Tied to Russia-Aligned Cyberespionage

Mathew J. Schwartz • March 30, 2023

A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.

Artificial Intelligence & Machine Learning

Tech Luminaries Call for Pause in AI Development

Anviksha More • March 29, 2023

A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.

Governance & Risk Management

Pentagon Doubles Down on Zero Trust

Mathew J. Schwartz • March 29, 2023

A top Pentagon technology official on Wednesday emphasized the U.S. Department of Defense's embrace of zero trust. "We've committed to implementing zero trust across the DOD by 2027, which is an ambitious yet critical milestone," Department of Defense CIO John B. Sherman told a Senate panel.

Fraud Management & Cybercrime

Look Beyond TikTok: Massive Data Collection Is the Real Risk

Mathew J. Schwartz • March 29, 2023

There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.

Business Email Compromise (BEC)

Nigerian Sentenced to 4 Years for Scamming US Citizens

Mihir Bagwe • March 28, 2023

A U.S. federal judge sentenced a Nigerian national to four years in prison for running several cyber-enabled schemes aimed at defrauding U.S. citizens out of more than $1 million. The men were arrested four years ago and extradited to Arizona in 2022 from Malaysia and the United Kingdom.

Critical Infrastructure Security

Lawmakers Urge CISA to Devise Better Measures of Performance

Michael Novinson • March 28, 2023

Lawmakers urged Director Jen Easterly to devise metrics that quantify how effectively the Cybersecurity and Infrastructure Security Agency uses federal money to cut cyber risk. Rep. Dave Joyce wants CISA to more precisely measure the return on taxpayer spending given the agency's rising budget.

Events

'Stronger Together' - Preview of RSA Conference 2023

Tom Field • March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

Blockchain & Cryptocurrency

North Korean Threat Groups Steal Crypto to Pay for Hacking

Rashmi Ramesh • March 28, 2023

North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says. The regime probably expected its hackers to pay their own way before 2020, but the novel coronavirus pandemic exacerbated its demands.