My Shared Links — Weeks 29–30/2022

Xavier «X» Santolaria
Aug 2, 2022

Collection of the resources and links I have found insightful and shared during weeks #29 and #30 of 2022 (combined weeks due to the holiday season 🌴).


North Korean Attackers Use Malicious Browser Extension to Steal Email

The Kimsuky attack group based in North Korea has been deploying a malicious browser extension for Chrome and Edge that is capable of stealing email content from open Gmail sessions and replacing the victim’s browser preference files.

The extension has been in use for nearly a year and Kimsuky is using it as a post-exploitation tool to maintain persistence on the victim’s machine.

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to the newly published IBM Security 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020.

New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach.

iPad Theft Is Reminder That Devices Still Cause PHI Breaches

An iPad stolen from a Los Angeles hospital is a reminder that mobile device mishaps can still lead to breaches affecting tens of thousands of patients — and that good security is no guarantee of patient #privacy unless humans cooperate.

Incidents involving encrypted devices are generally not considered reportable HIPAA breaches, and the stolen iPad was indeed encrypted by default.
