OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The Hacker News

Overview

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on six individuals and two entities linked to a North Korean scheme that exploited fake remote IT jobs. These individuals and groups were reportedly involved in defrauding U.S. companies to generate funds that support the North Korean regime's weapons of mass destruction programs. The sanctions aim to disrupt the financial networks used by the Democratic People's Republic of Korea (DPRK) to sustain its military ambitions. This incident underscores ongoing concerns about North Korea's attempts to circumvent international sanctions and engage in illicit activities that threaten global security.

Key Takeaways

  • Timeline: Disclosed in October 2023

Original Article Summary

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs. "The North Korean

Impact

Not specified

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed in October 2023

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to address a vulnerability in the Zimbra Collaboration Suite (ZCS) that is currently being exploited in the wild. This flaw allows for cross-site scripting attacks, which can enable attackers to execute malicious scripts in the context of a user's session. Affected organizations need to act quickly to secure their servers to prevent unauthorized access and data breaches. The urgency of this directive underscores the importance of maintaining up-to-date security practices, especially for government entities that handle sensitive information. Users of ZCS should ensure their systems are patched as soon as possible to mitigate the risk posed by this vulnerability.

Mar 18, 2026

U.S. robotics companies want federal help to keep Chinese robots out of America’s networks

CyberScoop

U.S. robotics companies are urging Congress for assistance in preventing Chinese-made robots from infiltrating American networks. Executives express concern that as the robotics market grows, so does the potential for cyberattacks targeting these systems. They are advocating for a clear federal strategy to address these risks and protect national security. The call for action highlights the ongoing tensions between the U.S. and China regarding technology and cybersecurity, emphasizing the need for proactive measures to safeguard critical infrastructure. This situation raises important questions about the security of emerging technologies and the role of government in regulating foreign influence in the tech sector.

Mar 18, 2026

Ransomware gang exploits Cisco flaw in zero-day attacks since January

BleepingComputer

The Interlock ransomware gang has been actively exploiting a serious remote code execution vulnerability in Cisco's Secure Firewall Management Center (FMC) software since late January. This flaw, classified as having maximum severity, allows attackers to execute arbitrary code on affected systems, putting organizations at significant risk. Companies using this software should be particularly vigilant, as the vulnerability is being exploited in ongoing attacks. Cisco has not yet released a patch to address this issue, which raises concerns about the potential for widespread impact. Organizations relying on Cisco FMC should prioritize security measures and closely monitor any unusual activity to safeguard their networks.

Mar 18, 2026

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

The Hacker News

Amazon Threat Intelligence has issued a warning regarding an active ransomware campaign known as Interlock, which is exploiting a significant vulnerability in Cisco's Secure Firewall Management Center (FMC) Software. This vulnerability, identified as CVE-2026-20131, has a maximum severity score of 10.0 and stems from insecure deserialization of user-supplied Java byte streams. This flaw could allow attackers to gain root access without authentication, posing a serious risk to organizations using affected Cisco products. The exploitation of this vulnerability is concerning as it enables unauthorized access, potentially leading to data breaches and system compromises. Companies using Cisco FMC Software must take immediate action to protect their systems from this ongoing threat.

Mar 18, 2026

New Ubuntu Flaw Enables Local Attackers to Gain Root Access

Infosecurity Magazine

A new vulnerability, identified as CVE-2026-3888, has been discovered in Ubuntu's snap package management system, allowing local users to escalate their privileges to root access through a timing-based exploit. This flaw poses a significant risk, particularly for multi-user environments, as any local user could potentially gain complete control over the affected system. Ubuntu has not specified which versions are impacted, but users running the snap package system should be aware of this vulnerability. The implications of this flaw are serious, as it could enable attackers to manipulate system settings, install malicious software, or access sensitive information. Users are advised to monitor for updates from Ubuntu and apply patches as they become available.

Mar 18, 2026

Marquis: Ransomware gang stole data of 672K people in cyberattack

BleepingComputer

Marquis, a financial services provider based in Texas, recently reported that a ransomware attack in August 2025 compromised the personal data of over 672,000 individuals. The breach also had significant operational impacts, affecting 74 banks across the United States. The stolen data may include sensitive information, raising concerns about identity theft and privacy for those affected. This incident highlights the vulnerabilities in the financial sector and the ongoing threat posed by ransomware groups. Organizations in this space need to enhance their cybersecurity measures to protect both their operations and customer data.

Mar 18, 2026