Roller Coaster
I read, watch, listen, learn, try-fail-try-succeed, teach, share, and create for security each day. I want to share my week's highlights via this newsletter, hoping they might trigger an action to create a more secure, diverse and inclusive world.
The security journey is never an easy one - every day is a roller coaster ride.
News that caught my eye last week
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company said in an advisory.
Voting for the next leader of the Conservative Party and Prime Minister has been delayed following warnings from the NCSC that voting processes could be exploited by malicious actors including foreign states.
A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.
'Overseas' DDoS attack takes down Taiwan Presidential Office's website on eve of visit by US Speaker Nancy Pelosi.
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.
The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country.
The developer who found the vulnerability requested that developers sign their revisions with their GPG key so that all of their revisions on the project can be verified.
Let's put our thinking hats on...
This post discusses the UK's latest (legal) position on the use of offensive cyber operations, arguing that the UK needs to say more about what states can do, as well as offer more detail on its National Cyber Force.
Cybersecurity is a $60 billion industry, and it continues to grow year over year. Most companies are careful to take extreme precautions to keep their sensitive data, and that of their employees, protected. But when you combine the rise of remote work over the last decade with a global pandemic, how do you manage cybersecurity?
Standards, frameworks, legislation, regulation and more
NIST has begun the process to update the NIST Cybersecurity Framework to keep pace with the evolving cybersecurity landscape. The CSF was originally developed during a year-long, collaborative process where NIST served as a convener for industry, academia, and government stakeholders—and this collaboration continues to be a priority today as NIST proceeds toward CSF 2.0.
The Blueprint for Ransomware Defense is a set of actionable and achievable Safeguards aimed at small- and medium-sized enterprises (SMEs). It is not intended to serve as an implementation guide, but rather a recommendation of defensive actions that can be taken to protect against and respond to ransomware and other common cyber attacks.
The publicly-traded adtech company said in a financial filing today that it has been hit with a proposed fine of roughly $65.4m for alleged breaches of the EU’s sweeping General Data Protection Regulation (GDPR). The news comes some two years after France’s data privacy body Commission Nationale de l’Informatique et des Libertés (CNIL) launched an investigation into the company’s data practices.
Statistics, reports, surveys, benchmarks and more
The report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. Based on the findings, ransomware has adapted and evolved, becoming more efficient and causing more devastating attacks.
Almost a fifth (18 per cent) of young adults aged 18-24 in the UK said they have personally been a victim of identity fraud in the last 12 months, compared to just three per cent of adults aged 55 and over. Across the UK, Spain, France and Germany, young adults were also more likely to be identity fraud victims – 13 per cent of 18-to-24-year-olds compared to four per cent of people aged 55 and over.
The Federal Reserve Board (Fed) published its annual Cybersecurity and Financial System Resilience report describing measures it has taken to strengthen cybersecurity in the financial services sector, including the supervision and regulation of financial institutions and third-party service providers.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats. The list is made up of malware that has evolved over the past 10 years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.
Many security teams are still trying to get to grips with the realization that APIs are just as susceptible to exploitation as weaknesses on servers or networks, and struggling to maintain up-to-date inventories of APIs and vulnerabilities in the environment.
Careers, Women in Security, Inclusion & Diversity and more
The evolution of the CISO role indicates a sorely needed shift in perception of the concept of cybersecurity.
Society has often instructed women on what they can and cannot say, which careers to pursue and where to belong. Despite the changing world, technological advancements, and progress in living standards, women still face many obstacles in their professional lives.
Underrepresented groups may be able to penetrate the tech industry amid the increasing need to address significant workforce gaps in cybersecurity.
The White House now has a point person to carry out its pledge to expand diversity in the cyber workforce. Camille Stewart Gloster, a Google executive, was hired to head up Biden administration efforts to develop the nation’s ecosystem for tech talent, including building a more diverse cyber workforce and strengthening cyber education.
Interesting stories of the week
Nine years ago he accidentally threw away the 51-digit passcode and without it he will never be able to access any of them. That digital key is on a laptop hard drive he believes is currently buried somewhere in 110,000 tons of rubbish in a nearby landfill, now grassed over.
Police allege that a teenager living in the suburbs of Brisbane created and sold a sophisticated hacking tool used by domestic violence perpetrators and child sex offenders to spy on tens of thousands of people across the globe – and then used the proceeds to buy takeaway food.
An initial $2.3 million hack of the Nomad crypto token bridge opened the doors to a swarm of coin-hungry users who drained the entire platform of $190 million.
A 21-year-old French student has been jailed for two months in Morocco at the request of US authorities on suspicion of being a member of a group of cybercriminals who have targeted US companies.
The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks.
Upcoming events
Thank you for reading this newsletter
Sources for visual materials: Adobe Stock, Unsplash (and yes, you are right, I am deliberately selecting visual material with women).
Cybersecurity Influencer | Advisor | Author | Speaker | LinkedIn Top Voice | Award-Winning Security Leader | Awards Judge | UN Women UK Delegate to the UN CSW | Recognised by Wiki & UNESCO
2 years
So much value included in here Sema Yuce & it would have taken a chunk of time to collate it. Thanks for sharing it.