Security News
While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. Plus, 57% of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.
While the digitalization of manufacturing operations provided transformational opportunities and greater efficiency and sustainability, it also connected manufacturing environments and infrastructures that operated historically as isolated silos with limited external connectivity. How do cyber threats in the manufacturing sector differ from those in other industries, and what unique challenges do manufacturers face in implementing cybersecurity measures?
Japan is also revising its cyber security strategy, according to Nikkei. Japan's Aerospace Exploration Agency announced last week it has started conceptualizing a satellite refueling service with private Japanese orbital debris removal company Astroscale.
The European Commission on Thursday proposed a cyber defense policy in response to Europe's "deteriorating security environment" since Russia illegally invaded Ukraine earlier this year. This will include establishing an EU Cyber Defence Coordination Centre, encouraging member states to more actively participate in Military Computer Emergency Response Teams, while building a similar network for civilian cyber incident responders, according to a joint communication to the European Parliament and Council.
Japan's Ministry of Defence announced on Friday that it has formally joined NATO's Cooperative Cyber Defense Centre of Excellence. The CCDCOE is recognized as an international military organization and cyber defence hub focusing on research, training and exercises, like its yearly red team versus blue team cyber war game, Locked Shields.
Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use of an unwitting party's compute and/or server power by a malicious actor to mine cryptocurrencies.
As schools have become more digital, they've taken a somewhat backward approach to cybersecurity, historically moving slowly and maintaining weak cybersecurity controls and protocols. In this Help Net Security video, Raj Dodhiawala, CEO at Remediant, talks about how this situation is due to longer cycles for IT budgetary and staffing processes, a higher turnover rate, and lower continuity in IT security projects and skills.
The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator. The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion. By wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.
Today's threat landscape is constantly evolving. Threat actors and tactics are becoming more determined and advanced.
China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities - all with the help of Chinese tech vendors. That's a nod to accusations that China practices what's been labelled "debt trap diplomacy" whereby development assistance comes with repayment plans small nations may not be able to afford.