CYBER THIS WEEK – AUGUST 21, 2022


Getting ready for post-quantum security mayhem

If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the internet and elsewhere.

Getting ready for post-quantum security mayhem: embedded.com

How Risk-Based Patch Management Can Help Overcome the Overwhelming Wave of Cyber Threats

IT teams need to move from a check-the-box treatment of device/infrastructure patching to a we-can-prevent-disasters-effectively operating model. That’s what RBPM can give you.

How Risk-Based Patch Management Can Help Overcome the Overwhelming Wave of Cyber Threats (forbes.com)

Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out

University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk.

Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out (darkreading.com)

How Not to Waste Money on Cybersecurity

While enterprise security leaders usually do well at estimating threats and vulnerabilities, they often lack the ability to accurately assess business risk when making the case for sufficient security funding. “Cyber risk and its business impact is often put into technical language that the C-suite does not understand

Cybersecurity: How Not To Waste Money (informationweek.com)

Organizations Intensify Software Supply Chain Security Efforts against Risks Posed by Open Source Prevalence

As organizations witness, through high-profile headlines, the level of impact that a software supply chain vulnerability or breach can have on their business, prioritizing a proactive security strategy is now a foundational business imperative.

Organizations Intensify Software Supply Chain Security Efforts Against Risks Posed by Open Source Prevalence – CPO Magazine

The Power of Provenance: From Reactive to Proactive Cybersecurity

Provenance analysis is a relatively new field of research in the cybersecurity realm. Put simply, it takes the vast amounts of log data collected by various network devices, standardizes and analyzes it, and peels back the layers of obfuscation to identify the real source of an attack. Once identified, a network attack can be blocked and/or terminated in real time.

The Power of Provenance: From Reactive to Proactive Cybersecurity – Security Boulevard

When Efforts to Contain a Data Breach Backfire

Companies in the throes of responding to a data security incident do themselves and customers no favors when they underestimate their adversaries, or try to intimidate cybercrooks with legal threats. Such responses generally accomplish nothing, except unnecessarily upping the stakes for everyone involved while displaying a dangerous naiveté about how the cybercrime underground works.

When Efforts to Contain a Data Breach Backfire – Krebs on Security

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

VEX’s primary use case is “to provide users (e.g., operators, developers, and service providers) additional information on whether a product is impacted by a specific vulnerability in an included component and, if affected, whether there are actions recommended to remediate.” VEX adds context to software vulnerabilities to better inform risk assessment decisions.

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable | CSO Online

Staying Ahead Of CMMS and EAM Cybersecurity Risks

When malicious actors can steal credentials, expose sensitive data, and hold intellectual property ransom, among other nefarious acts, where should facility managers begin when it comes to mitigating the risk of compromising their software, IoT devices, and operational tech?

Staying Ahead Of CMMS And EAM Cybersecurity Risks (facilityexecutive.com)

This was H1 2022: Part 3 – Beyond the War

This is the third and final blog in Radware’s three-part series, written to shine a light on cyber activities in the first half of 2022. This particular blog covers events, attacks and heists that took place outside the Russia-Ukraine cyber war.

This was H1 2022: Part 3 – Beyond the War | Radware Blog