CYBER THIS WEEK – JULY 24, 2022

Researchers Discover SATA Cables Could Leak Data from Air-Gapped Systems

Air-gapped systems are isolated systems that remain segregated to keep sensitive information offline. While these systems are considered safe because they have no connection to the internet, researchers often study them to find out how an adversary could still exploit them. In this regard, researchers have proposed various attacks on air-gapped systems, the latest of which is the SATAn attack.

https://latesthackingnews.com/2022/07/21/researchers-discover-sata-cables-could-leak-data-from-air-gapped-systems/

Physical destruction of data storage – Things to consider

The initial step when considering data destruction is basically the same as the first step in data protection: take time to understand what kind of data you’re working with. Policy around data classification is going to dictate certain aspects of how that data must be treated.

Physical destruction of data storage – Things to consider | April C Wright – Hacker, Speaker, Author (architectsecurity.org)

The next big security threat is staring us in the face. Tackling it is going to be tough

Deepfakes are getting better at mimicking real people. Soon that’s going to be a problem for everyone.

The next big security threat is staring us in the face. Tackling it is going to be tough | ZDNet

Hospital Ransomware Attack: Here’s What a Cybersecurity Success Story Sounds Like

What do you do if protective measures fail? What can be done once an attack is already happening? One health care IT director set a fantastic example of what to do when an active ransomware attack was detected.

Hospital Ransomware Attack: Here’s What a Cybersecurity Success Story Sounds Like (securityintelligence.com)

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns.

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ | Threatpost

Digital security giant Entrust breached by ransomware gang

Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems. Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for identity management and authentication. 

Digital security giant Entrust breached by ransomware gang (bleepingcomputer.com)

For the public sector, cyber resilience has never been more important

Cities are on the frontline of a rising wave of cyber-attacks. The internet-connected technology used to power them and deliver services places them at high risk of a range of cyber-attacks. Cyber-attacks can have serious consequences for cities and their citizens.

Cyber resilience: what is it, and why do cities need it? | World Economic Forum (weforum.org)

CIO, CDO and CTO: The 3 Faces of Executive IT

First there was the chief information officer, and then companies started adding chief data officers and chief technology officers. What strategic deliverables do companies expect from their IT leaders?

CIO, CDO and CTO: The 3 Faces of Executive IT (informationweek.com)

What Is Attack Surface Profiling?

Is attack surface profiling the same as a pen test? If it isn’t, what unique insight can attack surface profiling deliver? Listen to the podcast.

What Is Attack Surface Profiling? – CISO Series

What InfoSec Pros Can Teach the Organization About ESG

Security underpins key aspects of ESG. Companies want to do business with organizations that are either advancing the cause of security and privacy or are at least not doing harm. How transparent companies are before, during, and after a breach tells you a lot about their corporate character. A data breach may be called a privacy responsibility or a security responsibility, but, at the end of the day, it’s a social responsibility.

What InfoSec Pros Can Teach the Organization About ESG (darkreading.com)
