Last week brought us a variety of interesting news, articles, interviews, and videos covering a range of topics in the cybersecurity world. Here are some highlights from the past week:
1. The misconceptions preventing wider adoption of digital signatures
In an interview with CEO Thorsten Hau of fidentity, the legal validity of qualified digital signatures is explored. Hau explains that these digital signatures are just as valid as handwritten signatures when supported by robust identity verification measures. However, misconceptions about their use and reliability often prevent wider adoption of this technology.
2. Shifting left and right, innovating product security
CEO Slava Bronfman of Cybellum discusses strategies for achieving product security throughout a device’s entire lifecycle in an interview. This includes fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain, and meeting regulatory requirements while ensuring compliance.
3. Reaper: Open-source reconnaissance and attack proxy workflow automation
Reaper is an open-source tool designed to automate reconnaissance and attack proxy workflows. It aims to be a modern, lightweight, and efficient alternative to other tools like Burp Suite and ZAP. Reaper focuses on automation, collaboration, and building universally distributable workflows.
4. Atlas VPN zero-day allows sites to discover users’ IP address
Atlas VPN has confirmed the existence of a zero-day vulnerability that could allow website owners to discover Linux users’ real IP addresses. This vulnerability poses a significant concern for user privacy and security.
5. Old vulnerabilities are still a big problem
A recently discovered phishing campaign highlights the ongoing issue of old vulnerabilities in Microsoft Office. The campaign exploits these vulnerabilities to deliver the Agent Tesla RAT, a type of malware that allows hackers to remotely execute code on a victim’s computer.
6. LibreOffice: Stability, security, and continued development
LibreOffice, an open-source office productivity suite, is widely used and highly recommended for its stability, security, and active community of developers. It offers many features, is user-friendly, well-documented, reliable, and free.
7. How Chinese hackers got their hands on Microsoft’s token signing key
The mystery of how Chinese hackers managed to breach Microsoft 365’s email service and access accounts of employees from 25 government agencies has been solved. The hackers found a crucial signing key in Microsoft’s corporate environment, where it should not have been.
8. Apple patches two zero-days under attack
Apple has issued patches for two zero-day vulnerabilities that were exploited to deliver the Pegasus spyware developed by NSO Group. These vulnerabilities posed a significant threat to Apple users’ privacy and security.
9. LockBit leaks sensitive data from maximum security fence manufacturer
The LockBit ransomware group targeted Zaun, a UK-based manufacturer of fencing systems, by compromising a legacy computer running Windows 7. This initial point of access allowed the attackers to breach the wider company network and leak sensitive data.
10. 5 ways in which FHE can solve blockchain’s privacy problems
Blockchain technology has gained popularity for its decentralized nature and immutability, but it also faces privacy challenges. Fully Homomorphic Encryption (FHE) offers solutions to these challenges by providing privacy-preserving computations on encrypted data.
These are just a few of the noteworthy cybersecurity news and developments from last week. Stay tuned for more updates and insights as the industry continues to evolve and address emerging threats.