Facebook warns Apple privacy changes will decimate ads

When iOS 14 hits iPads and iPhones in September, advertisers should expect weaker performance, Facebook claims. Apple claims that it’s making the changes to its user-tracking Identifier for Advertisers to better protect user privacy. Facebook fears that Apple is moving way too fast for the app developer community, especially gaming apps, and that this will hurt everybody’s bottom line. 

(Axios)

Feds’ stern warning for banks: Watch out for BeagleBoyz

The United States Computer Emergency Readiness Team published a dire warning for financial institutions on Wednesday. The North Korean hacking group BeagleBoyz have not only attempted to steal nearly $2 billion since 2015, but that the group also has “rendered inoperable” critical computer systems at organizations in its crosshairs. The BeagleBoyz are so destructive that an African bank they hit in 2018 couldn’t use its ATMs or point-of-sale terminals for nearly two months.

(U.S.-CERT)

Feds put the kibosh on Russian’s million-dollar malware scheme

Federal prosecutors have charged a Russian national for allegedly offering $1 million to an employee of a Nevada-based company if the employee would infect the company’s network with malware. A criminal complaint unsealed on Tuesday alleges that 27-year-old Egor Igorevich Kriuchkov wanted the employee to install malware which would exfiltrate data from the unidentified company and ransom it back for $4 million, although the malware itself has not been identified as ransomware.

(Ars Technica)

Malicious Autodesk plugin drives cyber-espionage campaign

Billion-dollar real estate deals make appealing targets too good for hackers to pass up, claims Bitdefender.  The cybersecurity company says it has found evidence of a new effort to steal financial data and contractual negotiation details through an Autodesk 3ds Max plugin targeting an international architectural and video production company. Bitdefender alleges that hackers-for-hire with a background in nation-state attacks are behind this campaign, but did not reveal the name of the victimized company.(CyberScoop)

Thanks to our sponsor Trend Micro

Automate security and compliance checks with Trend Micro’s Cloud One Conformity. Run reports on an endless combination of filters to exhaustively audit your entire multi-cloud infrastructure. Through hundreds of automated checks against industry compliance standards and cloud security best practice rules, you can continuously improve your security and compliance posture. Leverage detailed resolution steps to quickly rectify security vulnerabilities and reliability risks.

More facial recognition coming to U.S.-Canada border

While the pandemic has shuttered non-essential travel between the two countries since March, the Future Borders Coalition has unveiled a plan for when it reopens to improve border security through advanced surveillance. The cross-border group, made up of more than 60 transport centers and industry organizations, has developed a mix of advanced biometric technology, drone networks, and smartphone apps to process and track the movement of people and goods. 

(Vice)

North Korean hackers use LinkedIn to target cryptocurrency 

Fake LinkedIn job messages are the latest phishing technique used by the Lazarus Group to hack cryptocurrency and financial sector workers. As revealed in a report by cybersecurity company F-Secure, a job advertisement document hides its malicious payload, and asks recipients to open it in Microsoft Word. The scam focuses on stealing credentials for online bank accounts and cryptocurrency wallets.

(F-Secure)

Passwords still top hackers most-wanted lists  

What’s the top weakness that pen-testers love to snag? No shock that it’s the ever-lasting password, as siphoning credentials remains a huge part of ethical hacking efforts, according to Rapid7’s latest “Under the Hoodie” report. Top techniques used by red teams and social engineering efforts for snagging passwords include password spraying, man-in-the-middle attacks, and offline password cracking.

(Dark Reading)

New Zealand’s stock exchange suffers second DDOS in two days

*A second day of cyberattacks against NZX in Wellington halted trading for more than three hours. Cyberattacks against critical infrastructure in New Zealand are rare, but experts have yet to identify who might be behind the attacks.(Bloomberg)