Security daily (18-06-2021)

Can YOU blow a PC speaker using only a Linux kernel driver?

Can you help? There's a hidden meaning here, and it's time to find it! (Naked Security)

North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute

South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89 (The Hacker News)

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and (The Hacker News)

Google Releases New Framework to Prevent Software Supply Chain Attacks

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and (The Hacker News)

What’s Making Your Company a Ransomware Sitting Duck

What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps? (Threatpost)

Carnival Cruise Cyber-Torpedoed by Cyberattack

This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks. (Threatpost)

Insider Versus Outsider: Navigating Top Data Loss Threats

Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts. (Threatpost)

‘Oddball’ Malware Blocks Access to Pirated Software

Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads. (Threatpost)

Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors

A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target. (Threatpost)


/security-daily/ 19-06-2021 23:44:23