Week in Review: Quantum Resistant Encryption, Attackers Using Deepfakes, Patch Tuesday Predictions
Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:
Healthcare Organizations Targeted by Maui Ransomware
A lesser-known ransomware threat called Maui has and will likely continue to plague healthcare organizations, a new CISA alert warns.
Threat actors trade beacons for badgers to evade endpoint security
Unidentified cyber threat actors have begun using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, in an attempt to evade detection by endpoint security solutions and gain a foothold in target networks, the Palo Alto Networks researchers found.
Checkmate ransomware hits QNAP NAS devices
QNAP Systems warns of Checkmate, new ransomware targeting users of its network-attached storage (NAS) devices.
Attackers use deepfakes to take over remote computing tasks
Malicious individuals are using stolen personally identifiable information (PII) and voice and video deepfakes to try to land remote jobs in computing, programming, databases and software, the FBI has warned last week.
July 2022 Patch Tuesday forecast: A summer lull?
We have seen a much smaller number of CVEs processed in the past month and this trend is expected to continue into July.
CISA and NPower offer free entry-level cybersecurity training
NPower, a US-based non-profit organization that participates in a cybersecurity workforce development program launched by the Cybersecurity and Infrastructure Agency (CISA), is seeking recruits for a free training program in cybersecurity for underserved populations in the United States, including women, people of color, young adults, and military veterans and their spouses.
PCI DSS 4.0 released, addresses emerging threats and technologies
The PCI Security Standards Council (PCI SSC) has released version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a foundation of technical and operational requirements designed to protect account data.
Is the UK government prepared for its biggest threat?
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), has warned the UK government that it could fall victim to a 9/11-style cyberattack unless it faces “the ‘scale of threat’. posed by ransomware.
NIST Selects 4 Quantum Tough Encryption Algorithms
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first group of quantum-resistant encryption tools, designed to withstand the onslaught of a future quantum computer, which could potentially break the security used to protect digital privacy. the systems we rely on every day, such as online banking and email software.
Why your API gateway is not sufficient for API security?
The emergence of cloud computing architectures has caused companies to rethink the way applications are scaled. Impulses have been given to enterprises to move away from deploying complete applications via infrastructures such as virtual machines and instead adopt a microservices approach by creating APIs composed of several interoperable services.
69% of employees face more security measures in a hybrid work environment
Ivanti worked with global digital transformation experts and surveyed 10,000 office, IT and C-suite workers to assess the level of prioritization and adoption of DEX in organizations and how it is shaping experiences daily work of employees.
Imagination is the key to effective data loss prevention
Security teams have a tough job. They must manage an ever-expanding attack surface and protect huge volumes of data from malicious actors who constantly evolve their attack techniques.
People are the main vector of attack in the world
With unprecedented numbers of employees now working in hybrid or fully remote environments, compounded by increased cyber threats and a workforce more overwhelmed and fatigued by COVID-19 information, there has never been a most critical time to effectively create and sustain a cyber-safe workforce and an engaged security culture.
Malicious activities performed by insiders in enterprise applications
In this Help Net Security video, Doron Hendler, CEO of RevealSecurity, discusses the challenge of insider threats in business processes and illustrates the magnitude of the problem.
Cybersecurity is driving the digital transformation of alternative investment institutions
As the alternative investment industry grapples with a rapidly changing threat landscape, increased regulation and a continued need to innovate, most companies are increasing their DX and security budgets and citing security as critically important to their DX initiatives, according to IDC.
Applying Shift Left Principles to Third Party Risk Management
In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about the application of Shift Left, a concept created by developers to detect and prevent defects early in the software delivery process, to third-party risk management (TPRM).
Cyberattacks on law enforcement are on the rise
Resecurity, a Los Angeles-based cybersecurity firm protecting Fortune 500 companies globally, recorded an increase in malicious activity targeting law enforcement early in the second quarter of 2022.
How a Cyber Asset Management Strategy Can Help Organizations Detect Threats
In this Help Net Security video, Keith Neilson, Technical Evangelist at CloudSphere, illustrates how the key to ensuring security in these vulnerable scenarios lies in cyber asset management, which ensures that all cyber assets are accounted for, even when attacks are invisible to the user.
The connected nature of smart factories exponentially increases the risk of cyberattacks
51% of industrial organizations believe that the number of cyberattacks against smart factories will increase over the next 12 months, according to the Capgemini Research Institute.
The threat of quantum computing to sensitive data
In this Help Net Security video, Carmi Bogot, VP of Business Development at HUB Security, talks about the threat of quantum computing to sensitive data and how confidential computing could be, at least, a part of the answer.
Encryption is high on business priority lists
The number of UK organizations implementing data encryption as a core part of their cybersecurity strategy continued to grow, with 32% having introduced a standard encryption policy for all company information in the past year. Last year.
Positive trends in application security
In this Help Net Security video, Manish Gupta, CEO of ShiftLeft, talks about the positive trends in application security.
Simplifying the identification of legal persons in the digital age
In this video for Help Net Security, Karla McKenna, Managing Director and Philip Feairheller, Software Developer at the Global Legal Entity Identifier Foundation (GLEIF), review the model and technologies behind the verifiable LEI – or vLEI – a new digital identity service designed to overcome this challenge by enabling organizations around the world to make better decisions about who and what they trust when engaging in digital transactions.
Why 80% of businesses are looking to switch managed service providers
In this Help Net Security video, William Norton, Director, Channel & Alliances, MSP/CSP, CloudBolt, explains how to ride out this cloud storm and navigate cloud trust waters.
New infosec products of the week: July 8, 2022
Here’s a look at some of the hottest products from the past week, with releases from Action1, Kingston Digital, LogRhythm and Socura.