This week, the COVID-19 Cyber Threat Coalition joined us for a great roundtable discussion about their ongoing and all-volunteer efforts. Similarly, we were joined a couple weeks ago by the CTI League, who also serve as an example of the ways that the community benefits from collaboration. It’s not surprising that the recently published Cyberspace Solarium Commission Report “advocates a new strategic approach to cybersecurity: layered cyber deterrence.” Part of the six pillars of this new approach “requires securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem.”
This week’s headlines saw McAfee and Atlassian collaborating in an effort to deliver advanced data security and threat protection to their common customers who are moving to the cloud. The federal government is reportedly helping its supply chain build cybersecurity in their converged OT and IoT networks. Aligning with that very same theme of working together, HP’s CCO Christoph Schell contributed a piece to Security Boulevard in which he explained “Why Everyone Is Needed to Make Cybersecurity Matter.”
That’s a lot of goodness, which we certainly hope will continue. Let’s take a look at what else happened across the cybersecurity industry this week.
May 15: A survey of 750 global IT and cybersecurity professionals found that the vast majority (78%) of organizations have at least 50 different security products running simultaneously, according to ITProPortal.
May 14: Security researcher Vinoth Kumar earned a $20,000 bug bounty from Facebook after discovering “a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method,” Threatpost reported.
May 13: “The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said in the joint alert that the agencies hoped to ‘raise awareness’ of threats posed to research groups by Chinese malicious actors,” according to news from The Hill.
May 13: Infosecurity magazine reported, “Microsoft has fixed 111 vulnerabilities in its latest update round, the third month in a row that the number of addressed CVEs has exceeded a century.”
May 12: Project Safe Childhood had a big win after the Department of Justice sentenced a Texas man to 60 years in prison for producing and sharing over the Internet hundreds of images and videos of himself sexually exploiting children.
May 11: A hacking group known as ShinyHunters sold approximately 73.2 million user records acquired from several different sites, including Zoosk, Chatbooks, the Star Tribune newspaper, South Korean fashion and furniture sites and the Chronicle of Higher Education, Engadget reported.
May 11: TechBeacon reported, “With the software development ground shifting, it’s time for application security teams to get a move on—from app sec after the fact to secure code throughout the software development lifecycle. Here's what you need to know about the state of application security testing.”
May 11: The Cybersecurity 202 reported that some states are considering “allowing digital voting to play a more prominent role, despite persistent warnings from experts that it’s highly insecure and often unverifiable.”