This Week in Security: APTs Uncovered, Privacy Guides, and Authentication Woes

DOJ Indicts Chinese APT3 Hackers

The APT3 threat actor has been compromising targets for years, but they may have hit a stumbling block recently. The U.S. Department of Justice has indicted 3 employees of Boyusec, a Chinese cybersecurity firm that months ago was alleged to be the group known publicly as APT3.

This isn’t the first time that the U.S. has charged individuals for their participation in Chinese cyber-espionage, and like last time, the charges all stem from attacking corporate targets and allegedly stealing sensitive information that would be beneficial to competitors.

Similarly, the DOJ has also indicted an Iranian national on hacking charges, though not as clearly linked to state operations.

Yet Another Privacy Guide!

Every day there seems to be a new cloud-connected device, or “free” service to make our lives more convenient for the small fee of some precious personal data. There also seems to be a new breach every day, where that very same precious data is leaked to the online underworld. People have understandably grown quite concerned about their privacy and how to preserve it from greedy services, digital crooks, and state surveillance.

Luckily there are a lot of tools and techniques available, as well as information on how to select and use them. Most recently, Motherboard published a run-down of privacy tools and processes that are certainly of interest to journalists and activists. Another good resource which predates Motherboard’s is the EFF’s Surveillance Self Defense guide, delivering privacy concepts and tutorials in accessible packaging.

Awareness of tools and techniques and when to use them is a major issue for the non-expert, so more accessible guides that can reach different people are good to see, such as Teen Vogue’s guide to secure messaging.

Also of note is how many privacy-oriented (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/this-week-in-security-12-01-2017.html