Security News > 2021 > September
While organizations recognize third-party threats expose them to great risk, many organizations fail to take adequate measures to mitigate it. Current third-party risk prevention strategies leave organizations vulnerable.
Private sector remaining skeptical about govt's ability to mitigate cyber threats. Despite recent interventions into cybersecurity issues, executives lack faith in the government's ability to protect them from cyber threats, with 60% of organizations believing that spending on new security tools and services is the most effective way of stopping attacks.
Axis Security and ESG unveiled a quantitative survey research of more than 600 cybersecurity, networking, and IT professionals in North America, UK, France, and Germany who are focused on their organizations SASE initiatives. Among early SASE adopters, 58% indicated ZTNA was a starting point - likely due to the fact that supporting hybrid work and remote employees are among the top use cases for SASE. Related, 79% have accelerated their plans for SASE adoption as a result of the pandemic.
A survey of C-level executives released by CloudBees reveals high confidence levels in software supply chain security but a limited understanding of the essential components that make a software supply chain secure. Executives overwhelmingly claim their software supply chains are secure or very secure and 93% say they are prepared to deal with an issue such as ransomware or a cyberattack on their supply chain.
Communication Service Providers are making AI deployments an immediate priority to improve service experience for customers and reduce operational costs, an Anodot survey reveals. "Instead of waiting for next generation 5G network deployments to invest in AI, the majority of CSPs are already deploying AI on 4G networks now, the infrastructure most of their customers still use," said Anodot CEO David Drai.
EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.
Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. "While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims," Kaspersky researchers said.
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled. Apple Pay solved the problem with Express Transit, a feature that allows a transaction to go through without unlocking the device.
Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "Reason for the search was not yet clear," adding "The decentralized infrastructure of Group-IB allows us to keep our customer's data safe, maintain business operations and work without interruption across our offices in Russia and around the world."
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline or the 87,000 Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. As the advisory from the NSA and CISA explained, exploiting CVEs associated with VPNs can enable a malicious actor "To steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."