As I plan for the RSAC 365 Half-Day Virtual Seminar in June on the topic of supply chain with our program chair, Shamla Naidoo, one idea that persists in the many tentacles of the supply chain is that the foundation of supply chain security must be established by building trust.
It is from this perspective that I read several pieces on establishing trust in the cybersecurity industry. An Atlantic Council blog opined about ways that the public and private sectors could build a community of trust. VentureBeat reported, “enterprises trust hardware-based security over quantum computing.” Certainly, news that the US and its allies are “broadening the Abraham Accords” affirms that there is international interest in building trust and strengthening relationships. But, among the many ideas articulated this week, I appreciated a book review published in The Enterprisers Project, as it proclaimed, “Cybersecurity is a central aspect of trust.”
Now let’s take a look at what else made industry headlines this week.
Feb. 3: As ChatGPT grows more popular, many question whether the chatbot poses cybersecurity threats.
Feb. 3: A 27-year-old US man has been charged with commodities and wire fraud for allegedly swindling $110 million in cryptocurrency, Infosecurity Magazine reported.
Feb. 2: “A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction,” according to BleepingComputer.
Feb. 2: The former Ubiquiti employee who was charged with an insider attack on his employer pled guilty to charges, Recorded Future reported.
Feb. 1: According to The Daily Swig, Peter Geissler, an independent security researcher, decided to release “a zero-day remote code execution (RCE) chain of vulnerabilities affecting Lexmark printers after claiming the disclosure reward he was offered was ‘laughable’.”
Feb. 1: “Rapid7 Inc, the cybersecurity firm that hired Twitter Inc whistleblower Peiter Zatko last month, is exploring options that include a possible sale after attracting acquisition interest,” Reuters reported.
Jan. 31: The Hacker News reported, “A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.”
Jan. 30: The Cybersecurity and Infrastructure Security Agency is exploring ways to work with the private sector to help corporations strengthen their cybersecurity postures.