Week in review: Quantum-resistant encryption, attackers using deepfakes, Patch Tuesday forecast


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Healthcare organizations targeted with Maui ransomware
A less known ransomware threat dubbed Maui has been and is likely to continue hitting healthcare organizations, a new CISA alert warns.

Threat actors exchange beacons for badgers to evade endpoint security
Unidentified cyber threat actors have started using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found.

Checkmate ransomware hits QNAP NAS devices
QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage (NAS) appliances.

Attackers are using deepfakes to snag remote IT jobs
Malicious individuals are using stolen personally identifiable information (PII) and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.

July 2022 Patch Tuesday forecast: A summertime lull?
We saw a much smaller number of CVEs addressed last month and that trend is expected to continue in July.

CISA and NPower offer free entry-level cybersecurity training
NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US, including women, people of color, young adults, and military veterans and their spouses.

PCI DSS 4.0 released, addresses emerging threats and technologies
The PCI Security Standards Council (PCI SSC) published version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data.

Is the UK government prepared for its greatest threat?
Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency (CISA), has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the “magnitude of the threat” posed by ransomware.

NIST selects 4 quantum-resistant encryption algorithms
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day — such as online banking and email software.

Why your API gateway is not enough for API security?
The emergence of cloud computing architectures has caused enterprises to rethink the way applications are scaled. Impetuses were put on companies to get away from deploying full-stack applications via infrastructure such as virtual machines and instead adopt a microservices approach by creating APIs composed of multiple interoperating services.

69% of employees need to deal with more security measures in a hybrid work environment
Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritization and adoption of DEX in organizations and how it shapes the daily working experiences for employees.

Imagination is key to effective data loss prevention
Security teams have a challenging job. They must manage an ever-expanding attack surface and protect huge volumes of data from bad actors who are constantly evolving their attack techniques.

People are the primary attack vector around the world
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture.

Malicious activities insiders perform in enterprise applications
In this Help Net Security video, Doron Hendler, CEO at RevealSecurity, discusses the insider threat challenge in business processes, and illustrates the depth of the problem.

Cybersecurity is driving digital transformation in alternative investment institutions
As the alternative investment industry tackles a rapidly changing threat landscape, increased regulation, and a continuous need to innovate, most firms are increasing their DX and security budgets and cite security as critically important to their DX initiatives, according to IDC.

Applying Shift Left principles to third party risk management
In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about applying Shift Left, a concept that originated with developers to find and prevent defects early in the software delivery process, to third party risk management (TPRM).

Cyberattacks against law enforcement are on the rise
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022.

How a cyber asset management strategy can help enterprises detect threats
In this Help Net Security video, Keith Neilson, Technical Evangelist at CloudSphere, illustrates how the key to ensuring security in these vulnerable scenarios lies in cyber asset management, which ensures all cyber assets are accounted for, even when attacks are invisible to the user.

The connected nature of smart factories is exponentially increasing the risk of cyber attacks
51% of industrial organizations believe that the number of cyber attacks on smart factories is likely to increase over the next 12 months, according to the Capgemini Research Institute.

The threat of quantum computing to sensitive data
In this Help Net Security video, Carmi Bogot, VP Business Development at HUB Security, talks about the threat of quantum computing to sensitive data, and how confidential computing could be, at least, part of the answer.

Encryption is high up on corporate priority lists
The number of UK organizations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year.

Positive trends in the application security space
In this Help Net Security video, Manish Gupta, CEO at ShiftLeft, talks about positive trends in the application security space.

Simplifying legal entity identification in the digital age
In this video for Help Net Security, Karla McKenna, Managing Director and Philip Feairheller, Software Developer at the Global Legal Entity Identifier Foundation (GLEIF), review the model and the technologies underpinning the verifiable LEI – or vLEI – a new digital identity service designed to overcome this challenge by enabling organizations everywhere to make better decisions about who and what they trust when engaging in digital transactions.

Why 80% of companies are looking to switch their managed service provider
In this Help Net Security video, William Norton, Director, Channel & Alliances, MSP/CSP, CloudBolt, discusses how to weather this cloud storm and sail into trusted cloud waters.

New infosec products of the week: July 8, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Action1, Kingston Digital, LogRhythm, and Socura.

More about

Don't miss