Week in review: New LTE attacks, common API vulnerabilities, risk management trends

Here’s an overview of some of last week’s most interesting news:

Four common API vulnerabilities and how to prevent them
One of the main purposes of an API is to help developers get things done—and no one wants to work with a locked-down tool whose security mechanisms get in the way of productivity. An API is worthless if developers aren’t consuming it, so ease-of-use is important.

Dramatic increase in cryptocurrency money laundering
Three times more cryptocurrency was stolen from exchanges in the first half of 2018 than in all of 2017, according to CipherTrace. These dirty funds all need to be “laundered,” which results in a multi-billion-dollar and growing cryptocurrency money laundering problem that is attracting the attention of regulators globally.

Check your printers for leftover GDPR-regulated PII
GDPR-regulated data may be lurking in unexpected pockets of an organization. Among the less obvious and often overlooked places where PII can be found is the fleet of multi-function printers scattered across the enterprise.

Top six security and risk management trends
Business leaders are becoming increasingly conscious of the impact cybersecurity can have on business outcomes. Gartner said that security leaders should harness this increased support and take advantage of six emerging trends, to improve their organization’s resilience while elevating their own standing.

New LTE attacks can reveal accessed websites, direct victims to malicious sites
Three new attacks against the LTE 4G wireless data communications technology have been pinpointed by researchers from Ruhr-University Bochum and New York University Abu Dhabi.

The modern CSO: Future-proofing your organization in a disruptive world
There are three essential skill sets a modern-day CSO must have. The first is knowledge of the business to better align a security strategy to company objectives without being a blocker to innovation. The second is technical breadth. Third and most important is evangelism.

Four tips for keeping security worries away this summer
As the summer weather heats up, so does the desire to cut out of the office early and finish the workday from the park, a local pub patio or maybe the family cottage. There are a couple of steps organizations can take to keep remote employees happy, while maintaining security.

New insider attack steals passwords by reading thermal energy from keyboards
After entering a password, your regular computer keyboard might appear to look the same as always, but a new approach harvesting thermal energy can illuminate the recently pressed keys, revealing that keyboard-based password entry is even less secure than previously thought.

How connected and secure is the modern workplace?
In collaboration with Microsoft, Ingram Micro Cloud UK commissioned market research firm YouGov to survey 1,000 workers employed by small and mid-size businesses with 50 to 250 employees in the UK, to understand what they want from the modern workplace and how well-placed businesses are to satisfy their requirements.

Consumers still happy to exchange data with businesses if there’s a benefit
Globally, 51% of consumers are still happy to exchange their data with businesses, as long as there is a clear benefit for doing so. This is despite 74% having some degree of concern about their online privacy.

Are privacy and personal identity impossible to protect?
While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.

OneLogin and Cloudflare collaboration eliminates the need for VPNs
OneLogin and Cloudflare announced an integration and partnership to enable zero-trust authentication across SaaS and on-premise applications, eliminating the need for VPNs.

Cybersecurity remains non-core competency for most C-suite executives
Whilst cybersecurity has now become a critical business function, it remains a non-core competence for a significant number of boards. CISOs have become increasingly common in recent years (recent research suggests that nearly two-thirds of large US companies now have a CISO position), but the majority do not report directly to the CEO, which reduces their effectiveness.

Shift to microservices and continuous software delivery puts pressure on DevOps observability
A Scalyr report, based on a survey of 155 software development practitioners, finds that organizations are shifting away from traditional, monolithic architectures, with three-quarters of survey respondents delivering at least some of their applications and more than one-third delivering most of their applications as microservices.