Why your API gateway is not enough for API security?
2022-07-06 04:00

API gateways play a vital role in API management and API delivery, and they provide a variety of core functionality for API security. It might be tempting to rely on the API gateway alone to meet security objectives.

The connected nature of smart factories is exponentially increasing the risk of cyber attacks
2022-07-06 03:30

51% of industrial organizations believe that the number of cyber attacks on smart factories is likely to increase over the next 12 months, according to the Capgemini Research Institute. "The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset. The increased attack surface area and number of operational technology and Industrial Internet of Things devices make smart factories a prominent target for cyber criminals. Unless this is made a board-level priority, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite," said Geert van der Linden, Cybersecurity Business Lead at Capgemini.

Encryption is high up on corporate priority lists
2022-07-06 03:00

The number of UK organisations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year. Only 2% do not currently see encryption as a priority.

AstraLocker ransomware reportedly closes doors to pursue cryptojacking
2022-07-06 01:28

The developer of the AstraLocker ransomware code is reportedly ceasing operations and turning attention to the far simpler art and crime of cryptojacking. The developer of AstraLocker posted a ZIP folder containing decryptors for the AstraLocker ransomware via VirusTotal, which Bleeping Computer said are legit.

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web
2022-07-05 23:06

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks said.

Actual quantum computers don't exist yet. The cryptography to defeat them may already be here
2022-07-05 22:36

The US National Institute of Standards and Technology has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption. Back in 2015, the NSA announced plans to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA. No one is quite sure when that may occur but it depends on the number of qubits - quantum bits - that a quantum machine can muster, and other factors, such as error correction.

New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
2022-07-05 22:20

A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMware ESXi servers in attacks on corporate networks. The Linux encryptor is built to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.

Pentagon: We'll pay you if you can find a way to hack us
2022-07-05 20:06

The US Department of Defense has created a broad but short bug bounty program for vulnerabilities in public-facing systems and applications. The Hack US program kicked off on Independence Day and is scheduled to run through July 11, with reward totals reflected by the severity of the flaws.

Microsoft Azure now has confidential VMs with ephemeral storage
2022-07-05 19:40

Microsoft has expanded its confidential computing offering and now allows Azure cloud computing service customers to create hardware-isolated virtual machines with ephemeral OS disks. With this new public preview feature, Azure customers can create ephemeral OS disks only on the local VM storage, thus ensuring that data remains 100% confidential since it will never be sent to remote Azure Storage.