Tuesday, September 27, 2022

Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market

Funding has been somewhat lower than last year, but investment remains healthy, analysts say, amid thirst for cloud security in particular.

Russia Planning Cyberattacks on Ukraine's Energy Grid

Ukraine military intelligence says Russia is planning cyberattacks on the country's energy sector, as well as against allies including Poland and the Baltic states.

Cyber Threat Alliance Extends Membership to 6+ Leading Cybersecurity Companies

CTA now has 36 members headquartered in 11 countries who follow cyber activities across the world, showing cybersecurity industry members realize the value in collaboration.

Samsung Fails Consumers in Preventable Back-to-Back Data Breaches, According to Federal Lawsuit

Company unnecessarily collected consumers' personal data and failed to safeguard it, suit alleges, leading to two back-to-back data breaches.

How Quantum Physics Leads to Decrypting Common Algorithms

YouTuber minutephysics explains how Shor's algorithm builds on existing formulae like Euclid's algorithm and Fourier transforms to leverage quantum superpositioning and break encryption.

Should Hacking Have a Code of Conduct?

For white hats who play by the rules, here are several ethical tenets to consider.

We're Thinking About SaaS the Wrong Way

Many enterprise applications are built outside of IT, but we still treat the platforms they're built with as point solutions.

App Developers Increasingly Targeted via Slack, DevOps Tools

Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

Cyberattackers Compromise Microsoft Exchange Servers Via Malicious OAuth Apps

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

How Europe Is Using Regulations to Harden Medical Devices Against Attack

Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack.

Neglecting Open Source Developers Puts the Internet at Risk

From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Mitigating Risk and Communicating Value in Multicloud Environments

Protecting against risk is a shared responsibility that only gets more complex as you mix the different approaches of common cloud services.

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group

Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

Developer Leaks LockBit 3.0 Ransomware-Builder Code

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

CircleCI, GitHub Users Targeted in Phishing Campaign

Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.
The Register

Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…

BrandPost: Extortion Economics: Ransomware’s New Business Model

Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...

Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says

Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...

Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats

Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.

Zoho ManageEngine flaw is actively exploited, CISA warns

A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...