AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/06/2023

Hackers posed as reporters in attacks on North Korea experts, Google says 

Government-backed hackers allegedly connected to the North Korean military targeted people with expertise in North Korea policy issues by posing as journalists, according to a new report. Researchers from Google’s Threat Analysis Group (TAG) released the report Wednesday as a follow-up to one published last week by cybersecurity firm Mandiant — which is owned by Google. Mandiant’s report highlighted the work of APT43, a group of alleged North Korean government hackers that have spent years running espionage campaigns targeted at government and business organizations in South Korea and the U.S. 

 

Scareware: A Story 

After thirty years of working hard, Deborah had saved enough money to retire with her husband. Wanting to review her retirement accounts, she typed in the name of her bank into her browser. What she did not realize is she had mistyped the bank name, taking her to a different website that immediately displayed a scary warning banner that claimed her computer was infected and instructed her to call tech support immediately. The pop-up warning was very professional. It detailed which malware infected her computer, had an official company logo, and provided an emergency number for her to call. 

 

Google will require that Android apps let you delete your account and data 

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. The move is meant to “better educate” users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won’t have to reinstall an app just to purge your info. 

 

Two-Fifths of IT Pros Told to Keep Breaches Quiet 

Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from BitdefenderThe security vendor polled 400 IT professionals, from IT junior managers to CISOs across various industry sectors, in organizations with over 1000 employees. The resulting report, Bitdefender 2023 Cybersecurity Assessment, found that over half (52%) had suffered a data breach or leak over the previous 12 months, rising to 75% in the US. The US also topped the list in terms of the share of respondents who claimed they’d been told to keep a breach secret (71%). In all other countries surveyed (France, Italy, Germany, Spain and the UK), the figure was under the global average. 

 

Spanish Police Arrest ‘Dangerous’ Teenage Hacker 

The Spanish National Police arrested Friday a teenager hacker who allegedly stole the sensitive data of more than half a million taxpayers from the national revenue service and boasted in an online podcast about having access to the personal data of 90 percent of the population. Spanish authorities arrested 19-year-old José Luis Huertas of Madrid, who they say posed “severe national security risk,” after he allegedly penetrated in October a centralized file transfer system linking the judiciary with executive branch agencies, including the tax administration agency. 

Related Posts