Security News > 2022 > July

NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency, is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US, including women, people of color, young adults, and military veterans and their spouses. We've asked Nelson Abbott, Senior Director of Advanced Program Operations at NPower, and Chris Starling, a US Marine Corps veteran and Assistant VP at NPower California, to tell us more about it.

The four selected encryption algorithms will become part of NIST's post-quantum cryptographic standard, expected to be finalized in about two years. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road. The quantum-resistant encryption algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022.

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30.

How do organizations make sure that cyber security and backup/recovery processes keep up with the evolution to multi-cloud? In addition, how do they ensure that the data which is being stored, accessed, and transferred between multiple clouds and on-premises data center locations meets increasingly stringent data protection and regulatory requirements? 63% believed the emergence of cloud native applications, Kubernetes containers and SaaS workloads posed a risk to data protection, primarily because they lacked adequate tools to manage data protection in so many different environments.

Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about the evil business. Unit 42's analysts assert that the malware was spotted in May 2022 and contains a malicious payload that suggests it was created using a tool called Brute Ratel.

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and...

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.

Whether it's through stolen credentials, phishing attacks, or simply user errors, people continue to pose the greatest risk to cybersecurity. While behavioral attacks are nothing new, Verizon's recently released Data Breach Investigations Report shows that it's as bad as ever, with 82% of breaches in the report involving a human element.

While API gateways play a vital role in API management and API delivery, they provide a variety of core functionality for API security. It might be tempting to adhere to API gateway alone to meet security objectives.