Roller Coaster
@semayuce

I read, watch, listen, learn, try-fail-try-succeed, teach, share, and create for security each day. I want to share my week's highlights via this newsletter, hoping they might trigger an action to create a more secure, diverse and inclusive world.

The security journey is never an easy one - every day is a roller coaster ride.

News that caught my eye last week

Hackers Exploit Twitter Vulnerability to Expose 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company said in an advisory.

NCSC security warning delays UK’s Conservative Party leadership vote

Voting for the next leader of the Conservative Party and Prime Minister has been delayed following warnings from the NCSC that voting processes could be exploited by malicious actors including foreign states.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

German Chambers of Industry and Commerce hit by 'massive' cyberattack

The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.

Taiwan Presidential Office website hit by ‘overseas’ DDoS attack

'Overseas' DDoS attack takes down Taiwan Presidential Office's website on eve of visit by US Speaker Nancy Pelosi.

Over 3,200 apps leak Twitter API keys, some allowing account hijacks

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.

BlackCat ransomware claims attack on European gas pipeline

The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack last week against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country.

GitHub faces widespread malware attacks affecting projects, including crypto

The developer who found the vulnerability asked developers to sign their revisions with a GPG key so that all their revisions on the project can be verified.

Let's put our thinking hats on...

A Frontier Without Direction? The UK’s Latest Position on Responsible Cyber Power

This post discusses the UK's latest (legal) position on the use of offensive cyber operations, and how the UK needs to speak more about what states can do as well as offer more detail on its National Cyber Force.

How Do You Manage Cybersecurity With Employees Across the Globe?

Cybersecurity is a $60 billion industry, and it continues to grow year over year. Most companies are careful to take extreme precautions to keep their sensitive data, and that of their employees, protected. But when you combine the rise of remote work over the last decade with a global pandemic, how do you manage cybersecurity?

Standards, frameworks, legislation, regulation and more

Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop 1

NIST has begun the process to update the NIST Cybersecurity Framework to keep pace with the evolving cybersecurity landscape. The CSF was originally developed during a year-long, collaborative process where NIST served as a convener for industry, academia, and government stakeholders—and this collaboration continues to be a priority today as NIST proceeds toward CSF 2.0.

Blueprint for Ransomware Defense - Ransomware Task Force (RTF)

The Blueprint for Ransomware Defense is a set of actionable and achievable Safeguards aimed at small- and medium-sized enterprises (SMEs). It is not intended to serve as an implementation guide, but rather a recommendation of defensive actions that can be taken to protect against and respond to ransomware and other common cyber attacks.

Criteo hit with a proposed $65m fine for GDPR violations, says it ‘disagrees’ with findings

The publicly-traded adtech company said in a financial filing today that it has been hit with a proposed fine of roughly $65.4m for alleged breaches of the EU’s sweeping General Data Protection Regulation (GDPR). The news comes some two years after France’s data privacy body Commission Nationale de l’Informatique et des Libertés (CNIL) launched an investigation into the company’s data practices.

Statistics, reports, surveys, benchmarks and more

ENISA Threat Landscape for Ransomware Attacks

The report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. Based on the findings, ransomware has adapted and evolved, becoming more efficient and causing more devastating attacks.

Young People Are the Most Afraid of Their Personal Info Being Sold Online

In the UK, 18 per cent of young adults, almost a fifth of 18-24-year-olds, said they have personally been a victim of identity fraud in the last 12 months, compared to just three per cent of adults aged 55 and over. Across the UK, Spain, France and Germany, young adults were also more likely to be identity fraud victims – 13 per cent of 18-to-24-year-olds compared to four per cent of people aged 55 and over.

Fed Reports on Cybersecurity and Financial System Resilience

The Federal Reserve Board (Fed) published its annual Cybersecurity and Financial System Resilience report describing measures it has taken to strengthen cybersecurity in the financial services sector, including the supervision and regulation of financial institutions and third-party service providers.

Revealed: The top 11 malware strains you need to worry about

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats. The list is made up of malware that has evolved over the past 10 years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.

94% of survey respondents experienced API security incidents in 2021

Many security teams are still trying to get to grips with the realization that APIs are just as susceptible to exploitation as weaknesses on servers or networks, and struggling to maintain up-to-date inventories of APIs and vulnerabilities in the environment.

Careers, Women in Security, Inclusion & Diversity and more

Cybersecurity on the board: How the CISO role is evolving for a new era

The evolution of the CISO role indicates a sorely needed shift in perception of the concept of cybersecurity.

Biggest Career Hurdles Women Tech Professionals Face in 2022 and How to Overcome Them

Society has often instructed women on what they can and cannot say, which careers to pursue and where to belong. Despite the changing world, technological advancements, and progress in living standards, women still face many obstacles in their professional lives.

Cybersecurity could bolster representation in tech

Underrepresented groups may be able to penetrate the tech industry amid the increasing need to address significant workforce gaps in cybersecurity.

White House cyber hire highlights diversity challenges in tech workforce

The White House now has a point person to carry out its pledge to expand diversity in the cyber workforce. Camille Stewart Gloster, a Google executive, was hired to head up Biden administration efforts to develop the nation’s ecosystem for tech talent, including building a more diverse cyber workforce and strengthening cyber education.

Interesting stories of the week

IT expert who accidentally threw his £153m Bitcoin fortune in the bin is barred from searching for the hard drive at his local landfill

Nine years ago he accidentally threw away the 51-digit passcode and without it he will never be able to access any of them. That digital key is on a laptop hard drive he believes is currently buried somewhere in 110,000 tons of rubbish in a nearby landfill, now grassed over.

Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege

Police allege that a teenager living in the suburbs of Brisbane created and sold a sophisticated hacking tool used by domestic violence perpetrators and child sex offenders to spy on tens of thousands of people across the globe – and then used the proceeds to buy takeaway food.

Nomad Says Hackers Can Keep 10% of Stolen Crypto if They Return the Rest

An initial $2.3 million hack of the Nomad crypto token bridge opened the doors to a swarm of coin-hungry users who drained the entire platform of $190 million.

French hacker wanted by the FBI arrested in Morocco, could face 116 years in prison

A 21-year-old French student has been jailed for two months in Morocco at the request of US authorities on suspicion of being a member of a group of cybercriminals who have targeted US companies.

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages

The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks.

Upcoming events

Thank you for reading this newsletter

Sources for visual materials: Adobe Stock, Unsplash (and yes, you are right, I am deliberately selecting visual material with women).

Jane Frankland MBE

Cybersecurity Influencer | Advisor | Author | Speaker | LinkedIn Top Voice | Award-Winning Security Leader | Awards Judge | UN Women UK Delegate to the UN CSW | Recognised by Wiki & UNESCO

2 years ago

So much value included in here Sema Yuce & it would have taken a chunk of time to collate it. Thanks for sharing it.
