CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Security Architecture

In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty

Noteworthy stories that might have slipped under the radar: Ex-Uber security chief files appeal, tech giants announce new security offerings. 

Cybersecurity News tidbits

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

Ex-Uber security chief appeals data breach cover-up conviction

Former Uber security chief Joe Sullivan has filed an appeal after he was sentenced to probation and community service earlier this year for covering up the data breach suffered by the ride-sharing giant in 2016. His legal team described the verdict as ‘profoundly flawed’.

$12,000 bounty offered for NIST elliptic curve seeds

A bounty of more than $12,000 — the amount is tripled if donated to charity — has been offered to anyone who can find the seeds for the NIST elliptic curves that power much of modern cryptography. It’s believed that the seeds were generated by hashing sentences written in English, but the person who picked them has passed away.

Advertisement. Scroll to continue reading.

Intellexa Alliance’s surveillance products

Amnesty International and the European Investigative Collaborations (EIC) media network have conducted a detailed analysis of the surveillance products offered by NSO Group competitor Intellexa, which is known for its Predator spyware. The investigation reveals “a catastrophic failure to regulate surveillance trade”, the organizations said. 

$7 billion in cryptocurrency laundered via cross-chain services

A record $7 billion in cryptocurrency has been laundered through cross-chain services, much of it by North Korea’s notorious Lazarus cyber group, according to Elliptic. Cross-chain activities involve quickly swapping crypto-assets between different tokens or blockchains in an effort to obfuscate their origin. 

Vast majority of African financial apps expose secrets

Mobile security firm Approov has conducted a study of 224 financial Android applications used across Africa and found that 95% of them expose secrets that could allow malicious actors to obtain personal and financial data. The analysis found that 33% of cryptocurrency apps expose highly sensitive secrets, and 15% of the studied apps expose authentication tokens. 

Honeywell launches new OT security solution for enterprises

Honeywell has announced the launch of Cyber Watch, a breakthrough enterprise solution designed to help organizations protect operational technology (OT). The solution provides visibility into risks and vulnerabilities at the site level and the enterprise level. 

Microsoft expands Security Experts offerings

Microsoft has expanded its Security Experts offering. The tech giant announced the general availability of Microsoft Defender Experts for XDR, Defender Experts for Hunting, and Incident Response Retainer. It also announced the restructuring of Microsoft Security Enterprise Services, formerly known as Microsoft Security Services for Modernization. 

Google announces passwordless by default and other security updates

Google has made an announcement related to its passwordless initiative: passkeys are being made even more accessible by offering them as the default option across personal Google Accounts. In addition, the company announced the use of AI-powered defenses to make email safer, and the use of the Tensor G3 chip to improve the security of Pixel devices. 

IBM unveils AI-powered managed detection and response services

IBM has announced new managed detection and response service offerings powered by AI technologies. The new Threat Detection and Response Services (TDR) provide 24×7 monitoring, investigation, and automated remediation of security alerts from existing security tools and other resources. 

New LostTrust ransomware

SentinelOne has detailed a new ransomware operation named LostTrust, which emerged in September. LostTrust has been linked to SFile, Mindware and MetaEncryptor.

Related: In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea

Related: In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...