According to Twitter, the social engineering that enabled attackers to compromise high-profile accounts to run a Bitcoin scam was accomplished through “a phone spear phishing attack.” It’s unclear exactly what that means (Graham Cluley speculates that it involved Twitter help desk impersonation), but Twitter says it’s increasing security.
Malwarebytes says that GuLoader has returned to use by a malspam campaign after a period of quiet that began in June.
McAfee researchers describe Operation North Star, a North Korean cyberespionage campaign that prospects workers in the defense and aerospace sector with bogus job offers. Pyongyang has used this approach intermittently since 2018. LinkedIn has again been used to communicate the offers, which are subsequently baited with malicious code.
European law firms are being targeted by a “hacker-for-hire mercenary group,” ZDNet reports. The group, which is known by the playground nom-de-hack “Deceptikons,” has been described by Kaspersky researchers. The company’s APT Trends Threat Report for 2020’s second quarter describes the group as “clever” as opposed to “technically advanced.” The Deceptikons have been active for a decade, and are most interested in collecting financial information, client information, and details of negotiations.
NSA has issued mitigation advice for the BootHole vulnerability Eclypsium disclosed this week. Users can either update the endpoints’ vulnerable boot components and revoke the trust of existing boot components, or they can implement Secure Boot trust infrastructure and customize endpoints to use it.
NIST reminds critical infrastructure operators that the Institute has guidelines available for secure engineering that can reduce risk.