Security News > 2023 > March

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic. Wi-Fi frames contain various kinds of data related to network traffic and routing.

Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage. "Mandiant assesses with high confidence that APT43 is a moderately sophisticated cyber operator that supports the interests of the North Korean regime," states a report on the gang released on Wednesday.

The journey towards digital transformation for organizations and governments has been fraught with difficulties, resulting in some users needing to catch up as more digital services are introduced. In this Help Net Security video, Jenn Markey, VP of Payments and Identities at Entrust, talks about how biometrics, hybrid solutions, and decentralized identity are transforming the industry and the future of identity verification.

Firstly, traditional password-based authentication methods are no longer sufficient to protect against increasingly sophisticated cyber threats. In the Owner Scenario, when a user reaches a specific resource or wants to perform a specific action in the protected application, Secfense will prompt the user to re-authenticate with the chosen authentication method.

The release of a cybersecurity maturity assessment tool by the European Union Agency for Cybersecurity aims to provide Small and Medium Enterprises with a valuable resource for enhancing their security posture. The cybersecurity maturity assessment tool designed by ENISA supports those businesses who seek to understand their current cybersecurity maturity level.

The report delves into the efficacy of different security controls, the most concerning threats as tested by organizations worldwide, and top cybersecurity best practices for 2023. Many organizations are testing for trending threats.

International Talk Like a Pirate Day is still months away - circle September 19th on your calendar, me hearties! - but The Register has found news of technology smuggling in China that suggests a buccaneering approach to imports. One incident, reported by Chinese media outlet MyDrivers, saw Chinese customs authorities notice a man wearing ill-fitting black clothing attempt to pass through Gongbei Port, the entry point from Macau to China.

As Europe's enterprises return to normal following the COVID-19 pandemic's impact, they are looking for innovative and cost-effective ways to combine mainframe dependability with the flexibility of the cloud, according to ISG. Mainframe modernization services market accelerates. The report finds that an increased focus on updated IT infrastructure and digital transformation has led to a corresponding acceleration in the mainframe modernization services market.

Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and infrastructure. The good news is you don't have to create your security strategy from scratch.

Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers. "The Tor Project called to help keep Russian users connected to Tor to circumvent censorship," Vitaly Kamluk, head of Kaspersky's Global Research and Analysis Team for APAC, wrote in a blog about the clipper malware.