CYBER THIS WEEK – SEPTEMBER 18, 2022

Are organizations treating cyber risk as a quantifiable business risk?

Businesses across industries today have become digitized not just as an operational enhancement but as an inevitable requirement. However, the spike in the number of digital endpoints has also meant an uptick in the level of cyber risk that organizations must deal with.

Are organizations treating cyber risk as a quantifiable business risk? – Express Computer

The cognitive dissonance of the CFO: “Confident” on cyber resilience but under-briefed

Cyberattacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.

The cognitive dissonance of the CFO: Confident on cybersecurity, but… (thestack.technology)

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

Many ransomware attacks these days represent not the beginning but the end of an intrusion that probably lasted days or weeks, and may have lasted for months, during which time the attackers probably managed to promote themselves to have equal status with the most senior sysadmin in the company they’d breached.

UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you – Naked Security (sophos.com)

Most enterprises looking to consolidate security vendors

Three-quarters of all enterprises expect to reduce the number of security vendors they use according to a recent survey, more than double the number from 2020.

Most enterprises looking to consolidate security vendors | CSO Online

Breach of software maker used to backdoor ecommerce servers

FishPig is a seller of Magento-WordPress integrations. Magento is an open source e-commerce platform used for developing online marketplaces. The supply-chain attack only affects paid Magento 2 modules.

Breach of software maker used to backdoor ecommerce servers | Ars Technica

Google, Microsoft can get your passwords via web browser’s spellcheck

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.

Google, Microsoft can get your passwords via web browser’s spellcheck (bleepingcomputer.com)

Attackers: Modern Day API Cartographers

Attackers will hunt for any available open source information. Old developer notes, or even one of your developer’s Stack Overflow posts, could contain paths to endpoints that shouldn’t be exposed to the public.

Attackers: Modern Day API Cartographers – Security Boulevard

Tackling Financial Fraud with Machine Learning

Cybercriminals are constantly adopting new techniques to evade know-your-customer verification processes and fraud detection controls. In response, many businesses are exploring ways machine learning (ML) can detect fraudulent transactions involving synthetic media, synthetic identity fraud, or other suspicious behaviors.

Tackling Financial Fraud with Machine Learning (darkreading.com)

How to Protect Industrial Control Systems in Today’s Industrial Cyber Threatscape

The number of industrial control system (ICS) cybersecurity incidents is growing, and as a community, our ability to respond effectively is in question.

How To Protect Industrial Control Systems In Today’s Industrial Cyber Threatscape (forbes.com)

Business Application Compromise & the Evolving Art of Social Engineering

Modern businesses must educate their employees, teaching them how to recognize the signs of a potential scam and where to report it. With businesses using more applications each year, employees must work hand-in-hand with their security teams to help systems remain protected against increasingly devious attackers.

Business Application Compromise & the Evolving Art of Social Engineering (darkreading.com)
