CYBER THIS WEEK – OCTOBER 2, 2022

To BYOT & Back Again: How IT Models are Evolving

As CIOs look to tap a wider range of digital tools and break down silos, the stakes are growing. After several years of control drifting toward the individual and “bring your own technology (BYOT),” some tech leaders are rethinking things and, in some cases, recalibrating away from a more democratized or federated model in favor of centralized controls.

How IT Models Are Evolving: To BYOT & Back Again (informationweek.com)

22 notable government cybersecurity initiatives in 2022

Cybersecurity continues to be high on the agenda of governments across the globe, with both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant, government-led initiatives launched to help address diverse security issues. Here are 22 notable cybersecurity initiatives introduced around the world in 2022.

22 notable government cybersecurity initiatives in 2022 | CSO Online

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

A new study of the use and abuse of deepfakes by cybercriminals shows that all the needed elements for widespread use of the technology are in place and readily available in underground markets and open forums. Malicious campaigns involving the use of deepfake technologies are a lot closer than many might assume. Furthermore, mitigation and detection of them are hard.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here (darkreading.com)

Centre looks to revamp National Informatics Centre, its tech arm

Nearly half a century since it came into existence, the government is now looking to revamp and restructure the National Informatics Centre (NIC) – its technology arm – to help the organisation keep pace with the growing need for digital technologies in the country.

Centre looks to revamp National Informatics Centre, its tech arm – The Hindu

Sustainability and Cybersecurity: The Unexpected Dynamic Duo of the Energy Transition

Given the energy transition’s reliance on digital technology, Energize believes ensuring an appropriate cybersecurity posture will always be necessary to reach our decarbonization goals. We cannot credibly deploy billions of dollars of renewable infrastructure to secure our energy future while leaving the “digital front (or back) door” open to malicious attacks.

Sustainability and Cybersecurity: The Unexpected Dynamic Duo of the Energy Transition (forbes.com)

Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors

Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports.

Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online

Quantifying the risk of cybersecurity

If cybersecurity is a significant threat, why aren’t business leaders putting their money where their mouths are? Most (89%) C-suite executives claim cybersecurity is a high priority. Yet, budgets are a tell-tale of organizational priorities: the average spend is 0.5% of company revenue.

So why doesn’t the spend match the claims? The answer is simple. It’s because C-suite executives don’t know how much risk they have concerning cybercrime and have no idea how to quantify it.

Quantifying the risk of cybersecurity | Security Magazine

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Microsoft: Two New 0-Day Flaws in Exchange Server – Krebs on Security

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 – Microsoft Security Blog

We’re thinking about SaaS the Wrong Way

With the realization that some SaaS platforms are now application development platforms and an extension of the cloud, we should re-examine the responsibilities for securing those applications and bringing them under the security team’s umbrella.

We’re thinking about SaaS the Wrong Way (darkreading.com)

Complete Guide to SCADA Security

230,000 – This is the number of people affected by a single successful SCADA attack. Attackers successfully intruded into Ukraine’s power grid using BlackEnergy 3 malware in 2015. The attack left 230,000 or more people stranded without power for over 6 hours. The SCADA systems were left non-functional, forcing the workforce to restore the power manually.

This attack on the SCADA system set alarm bells ringing across the globe, exposing the weak cybersecurity posture of critical infrastructure.

Guide to SCADA Security [2022 Updated] | Sec-trio
