Security News > 2022 > July

Alibaba's financial services affiliate, Ant Group, has open sourced its "Privacy-preserving Computation Framework." The project features a "Secure Processing Unit" that offers a "Provable, measurable secure computation device, which provides computation ability while keeping your private data protected".

Malicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI warned last week. Deepfakes are synthetic media - images, audio recordings, videos - that make it look like a person has been doing and saying things they haven't done or said.

The Netherlands' Maastricht University has managed to recoup the Bitcoin ransom it paid to ransomware scum in 2019 - and has made a tidy profit on the deal. The University explained that in 2019 it suffered a ransomware attack that prevented staff and students from accessing research data, email, or library resources.

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign Dragonbridge.

A threat actor has taken to a forum for news and discussion of data breaches with an offer to sell what they assert is a database containing records of over a billion Chinese civilians - allegedly stolen from the Shanghai Police. HackerDan released sample datasets: one containing delivery addresses and often instructions for drivers; another with police records; and the last with personal identification information like name, national ID number, address, height, and gender.

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. To provide organizations time to understand the changes in the new version and implement any updates needed, the current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on 31 March 2024.

In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about Shift Left, a concept that means finding and preventing defects early in the software delivery process. Shifting application security left to engage developers earlier in the software development lifecycle results in faster fixes and less wasted energy prioritizing and fixing vulnerabilities that pose little to no risk.

"People have become the primary attack vector for cyber-attackers around the world," said Lance Spitzner, SANS Security Awareness Director. "Awareness programs enable security teams to effectively manage their human risk by changing how people think about cybersecurity and help them exhibit secure behaviors, from the Board of Directors on down," said Spitzner.

As the alternative investment industry tackles a rapidly changing threat landscape, increased regulation, and a continuous need to innovate, most firms are increasing their DX and security budgets and cite security as critically important to their DX initiatives, according to IDC. Senior leaders from 400 global alternative investment institutions in the U.S., Canada, France, the U.K., and Germany were surveyed to understand the current state of digital transformation and cybersecurity, identify key barriers and benefits of an aligned strategy, and explore the growing role of consulting services as strategic partners. Investment in cybersecurity and digital transformation is growing, but in-house execution is decreasing as outsourcing increases.