CYBER THIS WEEK – APRIL 2, 2023
FDA lays out device cybersecurity requirements
Manufacturers of medical devices must now show regulators when they apply to the FDA for authorization that they can monitor and address cybersecurity threats once products are on the market.
FDA lays out device cybersecurity requirements – POLITICO
There Are Way Too Many Cybersecurity Startups. Some Won’t Survive a Recession
Without a doubt, there is an “overload” of vendors in the market right now, as fears of a full-blown recession escalate, so do the concerns that a whole lot of cybersecurity vendors may be vulnerable. There are good ideas, good people, and good technologies. But if you’re a customer, you cannot review 300 technologies every year.
There Are Way Too Many Cybersecurity Startups. Some Won’t Survive A Recession. | CRN
Experts weigh in on CIRCIA one year later
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022) requires critical infrastructure owners and operators report ransomware payments to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours.
Experts weigh in on CIRCIA one year later | Security Magazine
Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack
Through means that aren’t yet clear, the attack managed to distribute Windows and macOS versions of the app, which provides both VoIP and PBX services to “600,000+ customers,” including American Express, Mercedes-Benz, and Price Waterhouse Cooper. The attackers somehow gained the ability to hide malware inside 3CX apps that were digitally signed using the company’s official signing key.
Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack | Ars Technica
The Anatomy of a Comprehensive Penetration Test
Security can be overlooked when developers focus on creating as many features as possible for their users, but that lack of security can cost an organization dearly in the long run due to potential data breaches and other malicious attacks.
The Anatomy of a Comprehensive Penetration Test – CPO Magazine
5 cyber threats retailers are facing — and how they’re fighting back
Ransomware, point-of-sale hacks, and supply chain threats are just a few of the worries for today’s retailers. The stakes are high when you’re handling big money and reams of consumer data.
5 cyber threats retailers are facing — and how they’re fighting back | CSO Online
Stop Blaming the End User for Security Risk
Enterprises pour significant investments into user security-awareness training, and still, they suffer embarrassing, costly breaches. So, focusing primarily on securing the end user isn’t a sound strategy.
Stop Blaming the End User for Security Risk (darkreading.com)
The role of API inventory in SBOM and cyber security
We can expect the continued development of SBOM standards, guidelines, and best practices, with API inventory management taking on an increasingly prominent role. By embracing SBOM and integrating robust API inventory practices, organizations can better secure their software systems, mitigate vulnerabilities and ensure their resilience and success in an increasingly interconnected world.
The role of API inventory in SBOM (cshub.com)
Why cyber security is critical to a successful energy transition
In an ever-changing world, motivations for criminals are vast. While financial gain may be a traditional motive, energy companies might now be targeted by campaigners seeking to force societal change or by foreign/state-sponsored attackers trying to undermine public confidence in critical infrastructure.
Cybersecurity: Why cyber security is critical to a successful energy transition (worldoil.com)
Meet APT43: The group that hacks, spies and steals for North Korea’s ruling elite
Unlike many APTs, this group doesn’t tend to rely on zero days, unique malware or advanced intrusion techniques. Its modus operandi is social engineering, impersonating journalists, researchers and other personas to steer targets into divulging geopolitical insights or conversations from policymakers and governments deemed hostile to North Korean interests.