November has been a rotten month for defenders, with a slew of malware creating all sorts of headaches the world over. From malware aimed at avoiding detection to impersonating the US Postal Service, unsuspecting users continue to fall victim to malicious cyberthreats. Travelers are even advised not to use public USB plugs because they could contain malware. Though it seems like a hopeless fight at times, we must do as Aeschylus advised in Agamemnon, and “let good prevail!”
And there remains an abundance of goodness going on. Higher education continues to invest in cybersecurity education and training centers, researchers are identifying vulnerabilities so that they can be fixed before being exploited by attackers, defenders are thwarting attacks and law enforcement is holding criminals accountable for their nefarious cyber-schemes.
Here’s a roundup of what else has been happening in cybersecurity this week.
Nov. 15: Two Massachusetts men are facing an 11-count indictment after being charged “in connection with a major SIM swap campaign designed to steal cryptocurrency and hijack high-value social media accounts,” Infosecurity Magazine reported.
Nov. 15: After a German parliamentary committee voted that the Apple Pay mobile payments system should be opened to rival providers, Apple warned the move could potentially pose data protection risks.
Nov. 14: Trend Micro researchers identified the advanced persistent threat group APT33 as the presumed actors that have been targeting “high-value entities … using a dedicated infrastructure set up to make tracking more difficult,” according to Security Week.
Nov. 14: A recent report, which found that American veterans are increasingly the target of misinformation campaigns, has raised alarm bells for Congress, which has asked the Department of Veterans Affairs to take action toward better protecting veterans against these online threats.
Nov. 14: Unidentified sources alleged that China hacked a US manufacturing group, the National Association of Manufacturers (NAM), according to Reuters.
Nov. 13: After reports that Google’s Project Nightingale deal with Ascension would give the tech giant access to the private medical data of millions of patients, the Office for Civil Rights in the US Department of Health and Human Services and several lawmakers expressed concern, asking for a moratorium on the project pending an investigation. Additionally, privacy advocates attempted to thwart Google’s $2.1 billion acquisition of Fitbit because of privacy concerns, according to AP News.
Nov. 13: A new Malwarebytes report, Cybercrime tactics and techniques: the 2019 state of healthcare, found that the healthcare industry continues to be a growing target of cybercrime.
Nov. 12: According to Defense One, Dr. Deborah Frincke, director of the National Security Agency’s research branch, advised, “When it comes to fighting quantum-enabled threats, timing is of the essence.”
Nov. 11: Security researchers at Talos unearthed a massive malware campaign invoking major political figures from Hillary Clinton to President Donald Trump in order to deliver ransomware.
Nov. 11: A new version of China’s State Cryptography Administration (SCA) has passed, more than two years after its initial draft was published.
Nov. 10: University of California at Berkeley professor Dawn Song has undertaken a new data privacy project, with the goal of developing “a new paradigm in which people control their data and are compensated for its use by corporations,” The New York Times reported.