October 13, 2023 at 09:19AM
SecurityWeek provides a concise compilation of noteworthy cybersecurity stories. This week’s stories include the appeal of former Uber security chief Joe Sullivan against his conviction for covering up a data breach, a bounty offered for finding the NIST elliptic curve seeds, analysis of surveillance products by NSO Group competitor Intellexa, and $7 billion in cryptocurrency laundered through cross-chain services. Other stories include the exposure of secrets in African financial apps, the launch of Honeywell’s OT security solution, Microsoft expanding its Security Experts offerings, and Google’s passwordless initiative. IBM has also unveiled AI-powered managed detection and response services, and a new ransomware operation named LostTrust has been detailed.
Here are the key takeaways from the meeting notes:
1. Former Uber security chief Joe Sullivan has filed an appeal after being sentenced for covering up the 2016 data breach suffered by Uber. His legal team believes the verdict was flawed.
2. A bounty of over $12,000 (tripled if donated to charity) has been offered to find the seeds for NIST elliptic curves used in modern cryptography.
3. Amnesty International and EIC have conducted an analysis of surveillance products from Intellexa, a competitor of NSO Group. The investigation reveals a failure to regulate surveillance trade.
4. Approximately $7 billion in cryptocurrency has been laundered through cross-chain services, with a significant portion attributed to North Korea’s Lazarus cyber group.
5. A study of 224 financial Android applications used in Africa found that 95% of them expose secrets that could lead to the compromise of personal and financial data.
6. Honeywell has launched Cyber Watch, an OT security solution to help organizations protect operational technology.
7. Microsoft has expanded its Security Experts offering, introducing Microsoft Defender Experts for XDR, Defender Experts for Hunting, and Incident Response Retainer.
8. Google is making passkeys the default option for personal Google Accounts, employing AI-powered defenses to enhance email security, and using Tensor G3 chip to improve Pixel device security.
9. IBM has introduced AI-powered Threat Detection and Response Services (TDR) for 24×7 monitoring, investigation, and automated remediation of security alerts.
10. SentinelOne has identified a new ransomware operation called LostTrust, which has been linked to SFile, Mindware, and MetaEncryptor.
Please note that these are just summaries of each story. Let me know if you need any further details on specific topics.