Pentagon cloud deal, Apple encrypts iCloud backups, CloudSEK hack

Pentagon cloud deal, Apple encrypts iCloud backups, CloudSEK hack

Pentagon awards cloud contract to four major providers

The Pentagon said Wednesday that Amazon, Google, Microsoft and Oracle received a cloud computing contract that could total as much as $9 billion through 2028. The approach is in line with the U.S. Defense Department’s strategy of relying on multiple providers of external technology infrastructure to improve resilience . Back in 2019, the Pentagon awarded a cloud contract to Microsoft, but after a series of challenges (including from AWS and Oracle), the agency expanded its requests for bids to include the four tech giants.

(CNBC)

Apple finally adds encryption to iCloud backups

On Wednesday, Apple unveiled its “Advanced Data Protection” features, including end-to-end encryption for iCloud backups as well as iMessage Contact Key Verification, which allows users to verify who they are communicating with. Apple now also allows users to use a hardware security key such as a USB drive or NFC dongle for two-factor authentication to protect their Apple ID account. In addition to iCloud backups, Apple’s encryption now also covers contacts, notes, photos, voice memos and wallet passes. The only data still not covered by Advanced Data Protection is iCloud Mail, Contacts and Calendar due to compatibility reasons. Advanced Data Protection is currently in beta in the US and will be made available to all US users by the end of the year. The feature will begin rolling out globally in early 2023.

See also  Europe is moving towards transatlantic data sharing. Public surveillance. FTC phishing enforcement. cyber investments at the state level,

(Computerworld and WSJ)

CloudSEK claims it was hacked by another cybersecurity firm

India-based security firm CloudSEK says a threat actor gained access to its Confluence server using credentials stolen from one of its employees’ Jira accounts. While some internal information was exfiltrated from the Confluence wiki, CloudSEK says the attackers did not compromise the databases. A threat actor named ‘sedut’ has leaked some of CloudSEK’s internal data and is trying to sell what they claim is CloudSEK’s database, codebase and product documents on various hacking forums. CloudSEK’s CEO, Rahul Sasi, stated that he believes a “notorious cyber security company engaged in dark web surveillance” is responsible for the attack. CloudSEK refused to name the company they believe is behind the attack.

(Blueing computer)

Microsoft’s November updates keep breaking things

According to Microsoft, ODBC connections to some apps may fail after installing the November 2022 Patch Tuesday Windows updates. Microsoft clarified that the issue is related to connections that use the SQL Server Driver (sqlsrv32.dll). Microsoft published instructions for customers to diagnose the problem and says it is still working on a solution. In mid-November, Microsoft resolved login errors for domain controllers, and the company continues to investigate ongoing domain controller freezes and restarts. These issues were also triggered by last month’s Patch Tuesday Windows Server updates.

(Blueing computer)

Thanks to today’s episode sponsor, PlexTrac

The Plextrac platform is the offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize reusable content and become more efficient. PlexTrac customers report a “5X ROI in 1 year”, a “30% increase in efficiency”, have “cut the reporting cycle by 65%” and experienced an “18 to 22% time savings per engagement”.

Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.

Watchdog exposes UK agencies’ use of unsupported applications

The UK’s National Audit Office (NAO) has revealed that almost a third (30%) of applications used by the Department for Environment, Food and Rural Affairs (Defra) are not supported. The problem, often referred to as “tech debt”, means apps can no longer receive security or software updates. Defra provides critical services related to disease prevention, flood protection and air quality, and a major cyber incident can have serious consequences. The NAO concluded that although Defra is taking steps to address acute systemic risks and vulnerabilities, it lacks an adequate digital transformation plan. The government has given Defra £366m ($445m) to make IT investment over the next three years.

See also  The 5 biggest data breaches in 2022

(Infosecurity Magazine)

FFT and Ransomware account for the bulk of cyber insurance claims

According to figures from Corvus, fraudulent money transfers (FFTs) and ransomware caused the most financial damage in 2022, accounting for more than 50% of insurance claims. FFT accounted for an all-time high 36% of all injuries this year. There were fewer ransomware demands in H1 2022 compared to H2 2021, but the rate of data exfiltration increased by 25% in the same period. The proliferation of FFT highlights the increasing effectiveness of email compromise (BEC) fraud with FFT representing 70% of all BEC-related claims. The average FFT claim was significantly lower than ransomware due to the fact that such incidents typically do not include data recovery, system recovery, business interruption or breach response costs.

(Infosecurity Magazine)

New Zerobot malware exploits a number of exploits

A new Go-based malware called “Zerobot” was first discovered in mid-November and exploits 21 vulnerabilities in a variety of devices, including F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. Zerobot scans networks and propagates itself to adjacent devices with the goal of adding compromised devices to a distributed denial-of-service (DDoS) botnet. Researchers indicate that since November, a new version of Zerobot has appeared with improved obfuscation and exploitation features that signal the malware is under active development.

(Blueing computer)

San Francisco makes U-turn on ‘killer robots’ plan

We reported last week that San Francisco city lawmakers passed a proposal to allow police to kill suspects using robots equipped with lethal weapons. Protesters and several dissenting board members gathered on the steps of City Hall to urge the city to reverse its decision. On Tuesday, the board did just that, in a secondary vote that normally serves to stamp board decisions. The original proposal will now be refined or completely scrapped. These types of deadly robots are already in use in other parts of the United States.

See also  What you should know about car over-the-air updates – review geek

(BBC)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *