02
Aug
Quantum computing: Will it break crypto security within a few years?
Current cryptographic security methods watch out – quantum computing is coming for your lunch.
Read More
02
Aug
Performance and security clash yet again in “Collide+Power” attack
by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register a vanity domain name for it, build it a custom website, and design it a special logo. This time, the…
Read More
02
Aug
Microsoft Catches Russian Government Hackers Phishing with Teams Chat App
Software giant Microsoft on Wednesday sounded an alarm after catching a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from Redmond’s Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR) and has been caught targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.…
Read More
01
Aug
Firefox fixes a flurry of flaws in the first of two releases this month
by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon that makes the moon seem blue, in case you ever wondered), there will be a blue Firefox too. Firefox version…
Read More
01
Aug
Forgepoint Capital Places $15M Series A Bet on Converge Insurance
Venture capital outfit Forgepoint Capital has placed another bet in the cyber-insurance sector, leading a $15 million funding round for New York tech startup Converge Insurance. The $15 million Series A investment is Forgepoint’s second push into the cyber-insurance sector following last year’s incubation of Surefire Cyber, a startup selling incident response services specifically to cyber insurers, brokers and legal firms. Converge Insurance describes itself as a modern managing general agent (MGA) that fuses cyber…
Read More
31
Jul
SEC demands four-day disclosure limit for cybersecurity breaches
by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of preventing the sort of unregulated speculation that led to what became known as Black Thursday, the infamous Wall Street crash…
Read More
31
Jul
US Gov Rolls Out National Cyber Workforce, Education Strategy
The Biden administration on Monday rolled out its first-ever National Cyber Workforce and Education Strategy (NCWES), announcing a series of “generational investments” to address immediate and long-term cyber workforce needs. The new strategy seeks to transform cyber education in K-12 schools, community colleges and technical schools, invest in teachers and cyber education systems and make training more accessible and affordable. “Filling the hundreds of thousands of cyber job vacancies across our nation is a national…
Read More
29
Jul
Is backdoor access oppressive? – Week in security with Tony Anscombe
Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?
Read More
28
Jul
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications
New guidance from the Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) warns developers, vendors, and organizations of access control vulnerabilities in web applications. Described as insecure direct object reference (IDOR) issues, they allow threat actors to read or tamper with sensitive data via application programming interface (API) requests that include the identifier of a valid user. These requests are successful because the authentication or…
Read More
28
Jul
In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…
Read More