SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Ex-Uber security chief appeals data breach cover-up conviction
Former Uber security chief Joe Sullivan has filed an appeal after he was sentenced to probation and community service earlier this year for covering up the data breach suffered by the ride-sharing giant in 2016. His legal team described the verdict as ‘profoundly flawed’.
$12,000 bounty offered for NIST elliptic curve seeds
A bounty of more than $12,000 — the amount is tripled if donated to charity — has been offered to anyone who can find the seeds for the NIST elliptic curves that power much of modern cryptography. It’s believed that the seeds were generated by hashing sentences written in English, but the person who picked them has passed away.
Intellexa Alliance’s surveillance products
Amnesty International and the European Investigative Collaborations (EIC) media network have conducted a detailed analysis of the surveillance products offered by NSO Group competitor Intellexa, which is known for its Predator spyware. The investigation reveals “a catastrophic failure to regulate surveillance trade”, the organizations said.
$7 billion in cryptocurrency laundered via cross-chain services
A record $7 billion in cryptocurrency has been laundered through cross-chain services, much of it by North Korea’s notorious Lazarus cyber group, according to Elliptic. Cross-chain activities involve quickly swapping crypto-assets between different tokens or blockchains in an effort to obfuscate their origin.
Vast majority of African financial apps expose secrets
Mobile security firm Approov has conducted a study of 224 financial Android applications used across Africa and found that 95% of them expose secrets that could allow malicious actors to obtain personal and financial data. The analysis found that 33% of cryptocurrency apps expose highly sensitive secrets, and 15% of the studied apps expose authentication tokens.
Honeywell launches new OT security solution for enterprises
Honeywell has announced the launch of Cyber Watch, a breakthrough enterprise solution designed to help organizations protect operational technology (OT). The solution provides visibility into risks and vulnerabilities at the site level and the enterprise level.
Microsoft expands Security Experts offerings
Microsoft has expanded its Security Experts offering. The tech giant announced the general availability of Microsoft Defender Experts for XDR, Defender Experts for Hunting, and Incident Response Retainer. It also announced the restructuring of Microsoft Security Enterprise Services, formerly known as Microsoft Security Services for Modernization.
Google announces passwordless by default and other security updates
Google has made an announcement related to its passwordless initiative: passkeys are being made even more accessible by offering them as the default option across personal Google Accounts. In addition, the company announced the use of AI-powered defenses to make email safer, and the use of the Tensor G3 chip to improve the security of Pixel devices.
IBM unveils AI-powered managed detection and response services
IBM has announced new managed detection and response service offerings powered by AI technologies. The new Threat Detection and Response Services (TDR) provide 24×7 monitoring, investigation, and automated remediation of security alerts from existing security tools and other resources.
New LostTrust ransomware
SentinelOne has detailed a new ransomware operation named LostTrust, which emerged in September. LostTrust has been linked to SFile, Mindware and MetaEncryptor.