Browser-in-the Browser | Breaking Cybersecurity News | The Hacker News

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is  tracking  the cluster under the name  ARCHIPELAGO , which it said is a subset of another threat group tracked by Mandiant under the name  APT43 . The tech giant said it began monitoring the hacking crew in 2012, adding it has "observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues." The priorities of APT43, and by extension ARCHIPELAGO, are said to align with North Korea's Reconnaissance General Bureau (RGB), the primary foreign intelligence service, suggesting overlaps with a group broadly known as  Kimsuky . "ARCHIPELAGO represents a subset of activity that is commonly known as Kimsuky," Google TAG told The Hacker News. "

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x on Twitter, the method takes advantage of third-party single sign-on ( SSO ) options embedded on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft). While the default behavior when a user attempts to sign in via these methods is to be greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable," mrd0x  said  in a technical write-up publ

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,