Security News > 2023 > March

A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. "APT43 is a prolific cyber operator that supports the interests of the North Korean regime," Mandiant researchers said in a detailed technical report published Tuesday.

In an economic climate putting immense pressure on business leaders to prove ROI and team efficiency - a new report from Immersive Labs looks into the lack of confidence cyber leaders have in their team's preparation and abilities to combat cyber incidents. In this Help Net Security video, Max Vetter, VP of Cyber at Immersive Labs, discusses the growing pressure on cybersecurity teams to prove their readiness for new and emerging threats.

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. Heidell, Pittoni, Murphy and Bach represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information.

For context, digital skimming attacks occur when threat actors deploy malicious code onto a merchant website where they target their checkout pages to scrape and harvest consumer payment account data, such as primary account number, card verification value, expiration date and personally identifiable information. Cryptocurrency bridge services were a favored target for threat actors in 2022 and from January through early October 2022, the cryptocurrency ecosystem experienced 13 separate bridge attacks totaling $2B. What can payment processors and e-commerce merchants do to help protect themselves against enumeration attacks?

92% of network security and operations pros say there are more network updates needed than they can keep up with. While 61% of companies only upgrade network and security devices quarterly or less frequently, 48% of survey respondents say their company has not implemented or invested deeply in network automation, opening them up to security breaches and other serious issues.

Microsoft has introduced Microsoft Incident Response Retainer, allowing customers to pre-pay and count on help from Microsoft incident responders before, during and after a cybersecurity crisis.Firms, especially small ones, often don't have dedicated teams that can deal with a cyber incident - they simply don't have the time, resources, or expertise to build an in-house incident response program.

Senior Chinese government officials have urged Apple CEO Tim Cook to improve the security and privacy features of his company's products. "Director Zheng Shanjie said that the Chinese government will unswervingly implement the basic national policy of opening to the outside world, and the National Development and Reform Commission will continue to support foreign-funded enterprises including Apple in their business in China," the post states.

Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now. The US government's Cybersecurity and Infrastructure Security Agency logged the WebKit type confusion flaw in its Known Exploited Vulnerabilities Catalog on February 14, a day after Apple patched the issue in macOS Ventura, Safari 16 on macOSes Big Sur and Monterey, and iOS 16.

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions. While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.

A microcosm of this upward trend involved exploits targeting public information sites and tied to political events, including the war in Ukraine and the midterm elections in the U.S. In response to the rise in politically motivated DDoS attacks, Google is offering a free service called Project Shield to government sites, news and independent journalists, sites related to elections and voting, and sites that cover human rights. The company reported a 400% rise in DDoS attacks on its customers during last year's election season in the U.S. In the second half of 2022, Project Shield saw over 25,000 such attacks against customers, many of them 100,000 queries per second in size.