Afternoon Dessert – 2023-01-24


Welcome to another Afternoon Dessert breakout:

Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. […]

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.
The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber

GoTo says hackers stole customers’ backups and encryption key
GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. […]

FBI: North Korean hackers stole $100 million in Harmony crypto hack
The FBI has concluded its investigation on the $100 million worth of ETH heist that hit Harmony Horizon in June 2022 and validated that the hackers responsible for it are the Lazarus group and APT38. […]

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers.
“The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation,” SentinelOne said in an analysis published today.
A striking

Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. […]

75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin ‘LearnPress’ was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. […]

U.S. sues Google for abusing dominance over online ad market
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. […]
