A verified but fake Twitter account that had operated in the falsely appropriated name of Dr. Jaouad Mahjour, assistant director-general of the World Health Organization (WHO) has been traced to an Iranian threat actor. The account had followed an Iranian government line of disinformation, tweeting that the US Government (specifically the Trump Administration) had been pushing WHO to test vaccines on prisoners, immigrants, and Black Americans. The Daily Beast claims the operation looks like the work of Endless Mayfly, a Tehran-aligned actor known for impersonation operations.
The Jerusalem Post reports that the Israeli Defence Ministry says it detected and stopped a campaign by North Korea’s Lazarus Group to gain access to Israeli defense companies. The Lazarus Group used a now-familiar tactic: phishing in LinkedIn with bogus job offers to targeted employees. Researchers at ClearSky (which calls the campaign “Operation Dream Job”) have details.
Check Point this morning published research indicating flaws in Amazon’s Alexa that could have enabled attackers to access personal information when users interacted with Alexa skills. Users’ information at risk included “voice history, home address and control of their Amazon account.” Amazon has fixed the vulnerabilities to cross-origin resource sharing misconfigurations and cross-site scripting. (In a relevant but unrelated discussion, NIST outlines security considerations for smart home devices.)
The US Cybersecurity and Infrastructure Security Agency (CISA) warned that an “unknown malicious cyber actor” is spoofing a US Small Business Administration COVID-19 loan relief site in phishing emails.
DomainTools has published an update on the Avaddon ransomware-as-a-service operation.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.