APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
Hacks
Black Hat and DEF CON Roundup
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
New Hacker Forum Takes Pro-Ukraine Stance
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Cisco Confirms Network Breach Via Hacked Employee Google Account
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.
Phishers Swim Around 2FA in Coinbase Account Heists
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.
Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.