Hub Weekly Digest: Zero Trust Comes to the U.S., Australia’s Cyber Crime, New IoT Network Vulnerabilities, and the Zoho APT Attack

Shterny
HUB Security
Sep 19, 2021

HUB Security’s weekly digest covers top stories happening around the world related to cyber attacks, threats and global cybersecurity news.

Join our webinars on the most relevant cybersecurity topics trending in 2021 — stay up to date via our LinkedIn and Twitter.

HUB Security’s upcoming webinar, The Future of Encryption, is taking place on October 7th. We are thrilled to host a panel of subject experts, including Thomas Stengel, Paul Starrett, Marc Kaplan, Natalie Kilber, Maëva Ghonda, and Alon Saban, to discuss current and future challenges in quantum security. Register here.

IT Leaders in the US Now Mandated to Adopt Zero-Trust Architectures

President Joe Biden’s May 12 executive order on cybersecurity put federal networks squarely at the center of efforts to bolster U.S. IT security defenses. For agencies in which IT decision-makers viewed security initiatives such as zero trust as something to tackle later, things got real.

Of course, that reality only continues to crystalize amid the ongoing, high-profile cyberattacks on crucial U.S. interests — the impetus for the order’s release. These attacks could serve as a harbinger of what’s to come, and federal agencies must prepare accordingly. (Source)

Growing IoT Networks Pose New Challenges For Cybersecurity Teams

By some estimates, there are around 10 billion IoT devices operating in the world today. By 2025, there will be more than 25 billion — a huge increase in so-called “attack surfaces” potentially vulnerable to infiltration.

And the main culprit for this explosion in vulnerable targets? There are many, from home Wi-Fi networks in a work-from-home world to a lack of two-factor authentication. But one of the biggest sources of potential weakness has come from the proliferation of connected devices — the so-called Internet of Things. (Source)

DISH partners with IBM for new cloud-native 5G network

DISH and IBM have announced a new partnership that will see the companies collaborate on the United States’ first greenfield cloud-native 5G network. DISH said in a statement that IBM would provide “AI-powered automation and network orchestration software and services to bring broad 5G network orchestration to DISH’s business and operations platforms.”

DISH Wireless chief network officer Marc Rouanne explained that the company’s 5G build is unique because they are creating a “network of networks” where enterprises can customize a network slice or group of slices to achieve their business goals. “IBM’s orchestration solutions are designed to leverage AI, automation and machine learning to not only make these slices possible but to help them adapt over time as customer use evolves,” Rouanne said. (Source)

Critical Vulnerability Detected in APT Attack on India’s Zoho Password Manager

The US government issued a joint advisory Thursday warning of the ongoing “active exploitation” of a “critical” vulnerability in a popular password management solution, which “poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software.”

A Cybersecurity and Infrastructure Security Agency (CISA) official told Breaking Defense after this report’s original publication, “As exploitation of this product can lead to full identity compromise, CISA is taking this vulnerability very seriously and requests information from any organizations that may have been impacted.” (Source)

New Report Says Cyber Crime Has Cost Australia More Than $33bn in Losses in 2021

A quarter of cyber incidents reported to Australian security officials over the past year have targeted critical infrastructure and essential services, including health care, food distribution and energy. The Australian Cyber Security Centre (ACSC) will disclose the incidents in a report to be published on Wednesday, warning of “significant targeting, both domestically and globally, of essential services”.

These incidents have “underscored the vulnerability of critical infrastructure to significant disruption in essential services, lost revenue and the potential of harm or loss of life”. The report will also show ransomware attacks disclosed to the ACSC increased 15% in the 2020–21 financial year, when compared with the previous financial year. (Source)

Subscribe to Hub Security’s Medium for more breaking news and to stay up to date on top weekly stories related to #cyber and #security.

Shterny
HUB Security

A copywriter, journalist, and design enthusiast living in Leipzig, Germany.