Week in review: 9 cybersecurity whitepapers available for free, forecast for Patch Tuesday

Last week was filled with interesting cybersecurity news, articles, interviews, and videos. Among the top news was the announcement by the Cl0p cyber extortion crew of their rules for extortion negotiation after the MOVEit hack. The group said that several organizations whose data they had stolen by exploiting a loophole in the MOVEit Transfer solution had until June 14 to contact them; otherwise, their names would be posted on the crew’s dedicated leak page.

The 0mega ransomware gang also made headlines by changing their tactics. They are among the ransomware gangs that have stopped using malware to encrypt targets’ files and have resorted to data theft/extortion as a way to get paid.

Another interesting read was the June 2023 Patch Tuesday forecast, which reminded readers not to forget about Apple. The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday.

Open-source GitHub cybersecurity projects were also a highlight, with the dedicated contributors providing valuable tools, frameworks, and resources to enhance security practices.

Artificial intelligence (AI) and machine learning (ML) have been used in businesses for years. However, model provenance and assurance have not necessarily been documented or built into company policy. A recent article discussed interpreting AI regulation and implementing good practice.

In the software industry, the tension between developers and security teams is long-standing, primarily due to the friction that security is often perceived to create. An article highlighted how to make developers love security by easing the tension between the two teams.

In recent years, the use of text passcodes has been prevalent in security. However, fraudsters have learned how to undermine them. The Help Net Security video featured Lee Suker, Head of Authentication and Number Information at Sinch, who discussed how moving away from text passcodes is much more about human factors than technology factors.

Zoom announced privacy enhancements and tools to ensure users’ control over their data and privacy preferences. In the corporate world, Large Language Models (LLMs) are valuable assets whose application is changing how businesses are run.

In cybersecurity training, there has been a shift towards embracing realistic simulations. In a Help Net Security video, Ed Adams, CEO of Security Innovation, discussed the changes in cybersecurity training. Companies now include realistic simulations in their cybersecurity training programs to a more significant degree than in 2020.

Verizon Business released its 16th annual Data Breach Investigations Report (2023 DBIR), analyzing 16,312 security incidents and 5,199 breaches. The report showed that 74% of breaches involved the human element.

In an attempt to tackle cybersecurity, some companies watch their employees. The question of employee surveillance incites thoughts of “Big Brother” and an all-seeing entity. An article highlighted the risks involved and advised companies to tread carefully.

In conclusion, last week’s news, articles, interviews, and videos touched on various cybersecurity topics ranging from AI to surveillance technology, zero-day vulnerabilities, and GitHub cybersecurity projects. It is essential to stay up-to-date with the latest cybersecurity news as the threat landscape keeps changing.
