Cybersecurity Institute News Roundup 2 Dec 2024
Welcome to this week’s Cybersecurity Institute News Roundup, a weekly overview of some of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. In this week’s roundup we look into how the story of Chinese telecom hacking is gathering steam, NIST updating its password guidance, the German Chancellor citing Russia and China as severe cyber threats, the evolution of digital wallets, Russia indicting the suspected hacker behind LockBit, the prediction of global IDV spending topping $26B by 2029, the availability of 30 million authentication cookies for sale on the dark web - effectively bypassing 2FA, and how 23 EU members have missed the NIS2 deadline.
US officials now believe that Chinese hackers have breached at least eight telecom providers and that some bad actors are still operational in these networks. On a related note, CISA and FBI have issued specific guidance on securing communications infrastructure:
German Chancellor Olaf Scholz has called out Russia and China as a “severe threat” to the country’s cybersecurity and infrastructure:
Key takeaways from NIST’s updated password guidance include enforcing password length over complexity, avoiding frequent password changes, and discontinuing the use of password hints and other knowledge-based recovery tools:
Digital wallets are evolving beyond payments to manage identity and credentials, with adoption growing globally. Payments remain the primary use case, but Europe leads in non-financial uses like ID storage, driven by programs like EUDI wallets. Competition (“wallet wars”) involves big tech, banks, and retailers leveraging wallets for loyalty and data. Future success depends on interoperable networks for scaling. While adoption rises, user confusion persists, and untapped potential exists in areas like ticketing and ID verification. Wallets are shaping the future of payments and digital identity:
A Russian hacker affiliated with ransomware groups LockBit, Hive, and Babuk has been charged by Russian officials. The accused hacker, Mikhail Pavlovich Matveev, also known as Wazawaka, has also been wanted by US authorities for his ransomware activities since 2023:
Juniper Research forecasts global identity verification (IDV) spend will reach $26B by 2029, up from $15.2B in 2024, with biometrics leading the way:
Bad actors buy cookie grabber pages on the dark web to collect cookies from unsuspecting users’ browsers and social media platforms. Of the 54 billion cookies for sale, 30 million are authentication cookies, giving a hacker full access to a user’s account or service without requiring login credentials or 2FA codes:
The EU Network and Information Security 2 (NIS2) Directive imposes cybersecurity risk management and incident reporting obligations for organizations operating in such critical sectors as finance, energy, and IT. The EC has issued formal notice to 23 member countries including France, Germany, and Ireland for failing to meet the October 17th deadline to transpose NIS2 into national law:
Be sure to share your thoughts on these stories in the comments and let us know what articles have caught your eye recently.