Security News

Mandiant analysts who disclosed the activities of APT43 for the first time assess with high confidence that the threat actors are state-sponsored, aligning their operational goals with the North Korean government's geopolitical aims. The researchers have been tracking APT43 since late 2018 but have disclosed more specific details about the threat group only now.

As one of the leading experts in product security with over 15 years of experience in security engineering and 120 cybersecurity patents under his belt, Adam Boulton is one of the most experienced software security professionals in the industry. Currently the SVP of Security Technology and Innovation at Cybellum, the Left to Our Own Devices podcast invited Adam Boulton to share his experience and his tips on building a product security strategy.

US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security - a title that is not quite as simple it seems. The Order and explanatory statement point out that commercial spyware has been used by authoritarian regimes to target activists and journalists, has been deployed without proper authority in democracies, and poses a security risk to the US and other nations.

The New York Times is reporting that a US citizen's phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta's security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. "Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a.NET deserialization vulnerability in Progress Telerik user interface for ASP.NET AJAX, located in the agency's Microsoft Internet Information Services web server," the joint advisory said.

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service servers. The announcement, titled "350 GB from US Marshal Service law enforcement confidential information," was added earlier today using an account registered yesterday afternoon.

Last year, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting a critical. According to a joint advisory issued today by CISA, the FBI, and MS-ISAC, the attackers had access to the server between November 2022 and early January 2023 based on indicators of compromise found on the unnamed federal civilian executive branch agency's network.

The US Attorney's Office for the district alleged Sagar Steven Singh and Nicholas Ceraolo had not only blackmailed victims using their personal info by threatening to post it on a public-facing website, but they also made "Emergency requests" to social media companies asking for information about users. It might interest readers to know that Twitter, for example, had 11,500 requests for information on 28,000 accounts worldwide from government and law enforcement officials from July to December 2021.

According to the Monetary Authority of Singapore, trade barriers between US and China have resulted in geoeconomic fragmentation and will likely result in slower global growth and higher inflation. Speaking at the at the IMAS-Bloomberg Investment Conference on Thursday, MAS managing director Ravi Menon said tensions between the US and China have not only affected the two countries, but global trade patterns and supply chains as well.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personal identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.