Security News > 2022 > February

Report: Pretty much every type of cyberattack increased in 2021. SonicWall's 2022 Cyber Threat Report has come to some alarming, but likely unsurprising, conclusions: Pretty much every category of cyberattack increased in volume over the course of 2021.

If the British government fails to persuade the tech titans to back away from implementing end-to-end encryption in messaging apps, then its next tactic will be to try to mobilize public opinion against it by claiming the technology puts society in moral peril. The public probably doesn't like the idea of abusers hiding behind encryption, but many folks are equally suspicious of the government's motives.

Multiple Chrome browser extensions make use of a session token for Meta's Facebook that grants access to signed-in users' social network data in a way that violates the company's policies and leaves users open to potential privacy violations. Security researcher Zach Edwards last week noted that Brave had blocked a Chrome extension called L.O.C. out of concern it exposed the user's Facebook data to a third-party server without any notice or permission prompt.

The UK government is claiming a record year for revenue in the cybersecurity sector, saying the industry generated £10.1bn. The figure represents a 14 per cent increase on last year, when total revenue generated by the sector was £8.9bn, according to figures from the Department for Digital, Culture, Media and Sport. It said 1,800 cybersecurity firms contributed around £5.3bn to the UK economy in 2021, rising by a third on the previous year from £4bn - the largest increase since the report began in 2018.

CISOs report to CEOs, CIOs, CTOs and more, and the skills needed depend on the nature of the business and who they report to. Reporting lines do not dictate power or the value of a role, but when most CISOs are still reporting to a technical leader, this limits the ability to be strategic and dilutes value.

Supply chain security is no easy task, and no single entity has end-to-end control. One company, stage, or process with insufficient security makes the entire chain more vulnerable to hackers and can open up a huge amount of risk when we consider the size and value of global chains that span many countries.

Five major Canadian banks went offline for hours, blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada, BMO, Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce.

Tom Hickman, Chief Product Officer, ThreatX. API security is a hot topic in the industry today, but choosing the right API security solution is proving difficult for many organizations. Protocol level: Validating the API is not being abused in terms of overutilization or quota abuse generally requires proxied inspection of API requests and potentially using an API gateway to manage API business requirements.

A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed in the future will continue to rise year-over-year.

Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. After beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit.