For the first time, the North Korean APT Lazarus group seems to be participating in coordinated attacks against Russian-based companies. According to CheckPoint Research, the attacks over the past several weeks were likely launched by the Lazarus subdivision \u201cBluenoroff, whose main focus is monetization and global espionage campaigns.\u201dThe North Koreans choosing to cyber-attack Russia is an \u201cunusual choice,\u201d CheckPoint said, as \u201cusually, these attacks reflect the geopolitical tensions between the DPRK and nations such as the U.S, Japan and South Korea. In this case, though, it is probably Russian organizations who are the targets.\u201dOther cybersecurity newsThe Russians can pwn organizations in under 20 minutes, so get with the 1-10-60 ruleWhen it was Russia doing the attacking in 2018, organization defenders sadly had fewer than 20 minutes \u201cto respond to and contain or remediate an intrusion before it spreads widely in their environment and leads to a major breach.\u201d That\u2019s the \u201cbreakout time\u201d if Russia is coming for you as defined in the 2019 Crowdstrike Global Threat Report; the breakout time metric \u201cmeasures the speed with which adversaries accomplish lateral movement in the victim environment after their initial compromise.\u201dRussian attackers are \u201calmost eight times as fast as their speediest competitor \u2013 North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China.\u201d CrowdStrike rated the 2018 average breakout times for the following five groups:18 minutes and 49 seconds for the \u201cbears\u201d \u2013 aka Russians2 hours, 28 minutes and 14 seconds for \u201cchollima\u201d aka North Korea4 hours and 26 seconds for \u201cpandas\u201d aka China5 hours, 9 minutes and 4 seconds for \u201ckittens\u201d aka Iranians9 hours, 42 minutes and 23 seconds for \u201cspiders\u201d aka cyber-criminalsIf organizations want to effectively combat sophisticated cyber attacks, CrowdStrike recommends they get with the 1-10-60 rule: Detect intrusions within one minute, pull off a full investigation in fewer than 10 minutes, and eradicate the attacks from the environment in under 60 minutes.WordPress and Drupal CMS flawsHopefully you trust the people you marked as \u201cauthor\u201d on any WordPress sites you might have, as Rips Technologies revealed a remote code execution vulnerability that can be exploited by an account with at least author privileges; the RCE flaw is in every WordPress version released \u201cfor over six years.\u201dIf you are more of a Drupal person, then there\u2019s a \u201chighly critical\u201d update you need that will be released on Wednesday; it\u2019s rated 20 of 25 for severity.Deeply creepy eye-in-sky: Cameras embedded in airplane in-flight entertainment systems After being confronted by Twitter user Vitaly Kamluk, Singapore Airlines admitted that the \u201csensors\u201d on in-flight entertainment screens were indeed cameras.\u00a0The cameras, which are part of inflight entertainment systems, are allegedly \u201cdisabled\u201d with no plan to start using them.Just found this interesting sensor looking at me from the seat back on board of Singapore Airlines. Any expert opinion of whether this a camera? Perhaps @SingaporeAir could clarify how it is used? pic.twitter.com\/vy0usqruZG\u2014 Vitaly Kamluk (@vkamluk) February 17, 2019Hi there, thank you for reaching out to us. We would like to share that some of our newer inflight entertainment systems provided by the original equipment manufacturers do have a camera embedded in the hardware. (1\/2)\u2014 Singapore Airlines (@SingaporeAir) February 17, 2019These cameras have been disabled on our aircraft, and there are no plans to develop any features using the cameras. Thank you. (2\/2)\u2014 Singapore Airlines (@SingaporeAir) February 17, 2019Put another way:inching closer to Black mirror every day.free idea: you're in a big metal tube for 12 hours and the screen demands you must pay attention or you won't get food https:\/\/t.co\/JkozbkSNOF\u2014 Internet of Shit (@internetofshit) February 19, 2019Channel NewsAsia reported that Singapore Airlines has 84 aircraft that have cameras embedded in in-flight entertainment systems. The embedded cameras are reportedly included in in-flight entertainment systems on \u201cSIA\u2019s A350-900s, A380s, Boeing 777-300ERS and 787-10s.\u201dForced DNA collection for Arizona database \u2013 Those giving up DNA may even be charged $250Speaking of creepy, proposed legislation in Arizona could require DNA from, well, almost everyone. Penn State University associate dean David Kayne told Arizona Republic that SB 1475 is \u201cone step away from requiring DNA from anyone who wants a driver\u2019s license.\u201dThe article also claimed that DNA could be collected from the dead, as well as from anyone who has to be fingerprinted by the state for a job. In fact, the article said, \u201cif the proposed legislation passes, many people \u2013 from parent school volunteers to teachers to real estate agents and foster parents \u2013 will have no choice but to give up their DNA.\u201dIf that\u2019s not bizarre enough for you, then consider that AZCentral added, \u201cA $250 fee could be collected from a person who submits biological samples,\u201d though \u201cit\u2019s not clear who would foot the cost for the dead.\u201d It\u2019s also not clear if the forced collection of DNA for a massive state database is even legal.