Vendor Management Office

  Email marketing firm Mailchimp announced on Monday that a hacker breached its internal tools and managed to gain access to 319 Mailchimp accounts for companies in the cryptocurrency and finance industries.  Read full story here . Disclosure: VMO also uses Mailchimp to store subscriber information, however we do not think our account was compromised. We also have two-factor authentication enabled on Mailchimp account.

  The Canadian affiliate of Big Four audit firm PwC has agreed to pay $950,000 in penalties between two audit regulators after discovering widespread cheating among employees taking internal exams. Read more here .

  Around the same time Russian forces  launched a massive rocket into a square in Kharkiv , Ukraine’s second-largest city, killing and wounding an as of yet unknown number of people, Eugene Kaspersky, head of his namesake Russian cybersecurity firm,  tweeted that he hoped  negotiations between Ukraine and Russia would lead to “a compromise.” Read more here .

  A zero day vulnerability in Google’s highly used browser Chrome requires that you update it to the new version immediately.  Zero-days triggered by memory mismanagement while the browser is rendering a page are always worrying  because remote code execution (RCE) holes in a browser often lead to so-called  drive-by downloads , where merely looking at a booby-trapped web page could leave you with malware implanted on your computer or your phone . Read more here . 

  Confidential documents have revealed how the telecoms giant Ericsson is alleged to have helped pay bribes to the  Islamic State  terrorist group in order to continue selling its services after the militants seized control of large parts of Iraq. Read more here  

  TOKYO, Feb 28 (Reuters) - Toyota Motor said it will suspend domestic factory operations on Tuesday, losing around 13,000 cars of output, after a supplier of plastic parts and electronic components was hit by a suspected cyber attack. Read more here

  Shares in Ericsson were down nearly 15% at one point today as investors reacted to reports that Ericsson may have made payments to the ISIS terror organization to gain access to certain transport routes in Iraq.  It is not the first time Erricsson has been accused of corruption. Sweden's telecom giant had previously agreed in Sept 2019 to pay more than $1bn to resolve allegations of bribery to the US Department of Justice. Read the story here.

  Thales eSecurity Inc. is a market leader in Encryption and Data Security domain. The French conglomerate has an Arms division that is accused of paying bribes to former South African President Jacob Zuma for a $2 Billion Arms deal.  Jacob Zuma and Thales deny the allegations, a court case will begin on May 17, 2022. Most recently the Court dismissed Zuma's attempt to remove the prosecutor from his corruption trial.  Read More here: News Link 1. News Link 2.

  The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting MS-SQL servers that are vulnerable to malware attacks. It targets MS-SQL servers that are not patched. Read the complete story here .

  Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. If you have Corporate Samsung Phones or BYOD enabled Samsung Phones, you must act now. Read the complete story here.