While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more
RedCurl is its name.
Corporate espionage is its game.
Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.
Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...
There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.
"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more
----------
Three corporate espionage reasons why VW was not a good career choice...
March 14th - Former VW employee says he was fired after questioning deletion of documents. more
June 16th - Former VW employee sought by U.S. arrested in Croatia... more
August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more
----------
The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more
----------
Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more
----------
...and Corporate Espionage can also be entertaining...
U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.
TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more
In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more
Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to
managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a
technology or user-access perspective. The technology isn't good enough
and the users aren't lucrative enough or plentiful enough to justify
it. more
TikTok, it appears, is also giving government fits. Who ya gonna call?
In the 1950s and 1960s, the NSA made a bunch of posters to remind its employees that security is the most important thing, and that they must work hard to protect the country’s most important secrets.
The NSA’s Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target’s computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer’s contents.
According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots – small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed.
Depending upon the installed options, it would have set the purchaser back from $25,000 to $40,000 USD.
 |
| My conception photo of his home office. |
that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.