Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA

In today’s cybersecurity news…

Lazarus Group’s VM Connect campaign spoofs CapitalOne

New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of targeting developers with malicious software packages on open-source repositories by posing as employees of the financial services firm Capital One. The group again seeks to lure developers into downloading the malware by directing them to a GitHub repository containing a “homework task.” This is similar to, but different from, a story we reported on last week in which the Lazarus Group was seen doing the same thing through LinkedIn using CovertCatch. In this case, Reversing Labs researchers say it is connected to a 2023 VMConnect campaign focused on Python modules. They added, “It is clearly intended to create a sense of urgency for the would-be job seeker, thus making it more likely that they would execute the package without performing any type of security or even source code review first.”

(InfoSecurity Magazine)

Mastercard buys Recorded Future

Financial payment company MasterCard announced yesterday that it will acquire the threat intelligence company Recorded Future for $2.65 billion, adding to its current portfolio of security products, which include risk assessments and transaction protection. In its press release, MasterCard noted that “Recorded Future is a well-known intelligence firm that boasts more than 1,900 clients internationally, including 45 governments and over half of Fortune 500 companies.” The firm will remain an independent subsidiary, and the deal is expected to close in the first quarter of 2025.

(Cyberscoop)

WordPress to require two-factor authentication for plugin developers

As of October 1, plugin and theme authors will need to use 2FA if they wish to continue enjoying direct access to the codebases that power plugins and themes on WordPress.org. This initiative is aimed at preventing hijacked developer accounts from spreading malicious code. WordPress is also introducing specific passwords for Apache Subversion, a popular, open-source version control system.

(Cyberscoop)

UK recognizes data centers as critical national infrastructure

An announcement made by the UK government’s Technology Secretary, Peter Kyle, says that data centers will take a seat alongside energy and water systems in this critical infrastructure category. This means they stand to receive more government support in both anticipating and recovering from incidents. This support extends to organizations like the National Health Service, in which “the government would intervene to ensure contingencies are in place to mitigate the risk of damage or to essential services, including on patients’ appointments or operations.” The United Kingdom, which consists of England, Scotland, Wales and Northern Ireland, has the highest number of data centers in all of Western Europe.

(InfoSecurity Magazine)

Transport for London update: teen suspect arrested

More information has emerged about the September 1 cyberattack on Transport for London. It now appears that a 17-year-old male was arrested on September 5 in connection with the attack and was later released on bail. The TfL’s website still describes this as “an ongoing cyber security incident.”

(The Record)

TD Bank fined for sharing inaccurate and negative data on customers

TD Bank, also known as Toronto-Dominion Bank, the second largest bank in Canada, has been fined by the country’s Consumer Financial Protection Bureau for “allegedly disclosing incorrect and negative data on its customers to consumer reporting agencies.” The inaccurate data included “systemic errors about credit card delinquencies and bankruptcies,” according to the Consumer Financial Protection Bureau, who further stated, “the bank broke the law, violating both the Fair Credit Reporting Act and the Consumer Financial Protection Act,” adding that customers who disputed the bad information received no help, and that the bank “failed to conduct proper investigations and sometimes to conduct any investigation at all.” Nearly $8 million of the $28 million fine will be sent to victims who were impacted, CFPB said.

(The Record)

Microsoft 365 goes dark temporarily for thousands of users

About 16,000 users had trouble accessing their Microsoft 365 apps yesterday, according to Downdetector.com. Although this is a small fraction of the Microsoft 365 user base, echoes of CrowdStrike had everyone skittish for a while. Microsoft did not immediately provide an answer for the outage, but its Azure cloud platform announced on X that it was probing customer reports of a potential issue connecting to Microsoft’s services from AT&T networks.

(Reuters)

Business Email Compromise has cost $55bn in ten years

This comes from a warning from the FBI’s Internet Crime Complaint Center (IC3), which reports that 305,000 incidents happened globally between October 2013 and December 2023, including more than 158,000 U.S. victims. BEC is a form of social engineering: threat actors not only compromise email accounts but also monitor messages from legitimate entities in order to make their requests for cash transactions sound more realistic.

(InfoSecurity Magazine)
