This week, data security and encryption took center stage in social debates after Apple announced its Advanced Data Protection feature. According to Ivan Krstić, Apple’s Head of Security Engineering and Architecture, ”Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
Thus, many privacy advocates and others returned to the ongoing debate of how to strike that delicate balance between security and privacy, with the Electronic Frontier Foundation supporting the new feature and the FBI expressing concern that end-to-end encryption could obstruct criminal investigations.
Indeed, privacy and data security will continue to be leading topics of conversation as advancements in quantum computing will impact governance and post-quantum cryptography standards. As we move toward RSAC 2023 in April, it will be interesting to see whether other tech giants follow in stride. Regardless, we know we can look forward to active discourse, debate, and learnings from all of the voices in our ecosystem.
Now, let’s take a look at what else made cybersecurity headlines this week.
Dec. 9: “Chinese technology giant Huawei said Friday it will license its 5G technology to rival handset maker Oppo as it looks to unlock a new revenue stream after its smartphone business was crushed by U.S. sanctions,” CNBC reported.
Dec. 9: The UK government announced it will partner with the Chartered Institute of Information Security to provide students funding to pursue a career in cybersecurity.
Dec. 9: Cisco customers were alerted to a high-severity vulnerability impacting the 7800 and 8800 series Cisco IP phones.
Dec. 8: The Hacker News reported, “An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems.”
Dec. 8: Sequoia, a human resources benefits management company, discovered that one of its cloud storage repositories had been accessed by an unauthorized user.
Dec. 7: After nearly two weeks of crippled operations resulting from a cyberattack, India’s leading hospital resumed online services and was able to access its server.
Dec. 7: The box office of the Metropolitan Opera was “completely incapacitated” by a cyberattack, leaving the company unable to sell tickets for more than 30 hours.
Dec. 7: Dark Reading reported, “A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found.”
Dec. 6: According to reports from Reuters, Russia’s second-largest bank, VTB, was the victim of a DDoS attack, which the bank referred to as “The largest not only this year, but in the whole time the bank has operated.”
Dec. 5: Hackers out of China allegedly launched a cyberattack to breach the Canadian branch of Amnesty International.Dec. 5: Cyber Scoop reported, “Secretary of Homeland Security Alejandro Mayorkas said national security and homeland security are now more interconnected than ever before, largely driven by the fact that U.S. adversaries can execute attacks ‘with a keystroke.’ ”