SAN MATEO, CA, October 30, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Known Exploited Vulnerabilities (KEV) catalog leads to 79% reduction in attack surface
- Gen Z three times more likely to fall for online scam than grandparents
- RTX second-largest defense contractor in world sells cybersecurity business for $1.3 billion
- LinkedIn tests new generative AI cybersecurity feature
- Google pushes passkeys as new more secure login method than passwords
- Germany wins the 2023 European Cybersecurity Challenge
- Biden Administration releases updated cybersecurity toolkit for healthcare sector
- SolarWinds releases cybersecurity patches to address critical vulnerabilities
- CISA expands “no notice” penetration testing process
- Three-quarters of US small businesses report data breach in 2022
- Okta hack wipes out $2 billion in market cap
Known Exploited Vulnerabilities (KEV) catalog leads to 79% reduction in attack surface
The release of a Known Exploited Vulnerabilities (KEV) catalog by CISA has led to a 79% reduction in attack surface across federal agencies between 2022 and 2023. Remediation times have also dropped by an average of 36 days. Maintaining this KEV catalog has allowed faster, more efficient responses by federal agencies while reducing attack surface across the board. These successes come despite an overall increase in flaws recorded across the KEV from a two-year period. Read more.
Gen Z three times more likely to fall for online scam than grandparents
Surprising new data from Google reveals that Gen Z is three times more likely to fall for phishing scams than their grandparents’ generation. The rate of internet scam artists successfully defrauding younger internet users is rising. In 2017, scammers stole $8 million from internet users under 20. Last year, scammers made off with over $200 million from the under 20 group. Read more.
RTX second-largest defense contractor in world sells cybersecurity business for $1.3 billion
The Dulles, Virginia-based cybersecurity contractor RTX has announced the sale of its company for $1.3 billion to an as-yet undisclosed buyer, reported by Reuters to be private equity giant Blackstone. The cybersecurity company is currently the second-largest defense contractor in the world. It offers digital security services and secure communications devices and is manned by over 2,000 cybersecurity sector employees. Read more.
LinkedIn tests new generative AI cybersecurity feature
The Microsoft-owned social networking site is testing a new generative AI feature to answer questions for employees and suppliers about site cybersecurity protocols. The chatbot was developed using OpenAI large language models. Early tests show the new feature reduces wait time to 5 seconds or under and is 90% accurate compared with 15 minutes per response from a human cybersecurity employee. Read more.
Google pushes passkeys as more secure login method than passwords
Google suggests doing away with passwords entirely, as the company proposes using more secure passkeys to log in to its services. Passkeys use biometrics like fingerprints or facial identification, as well as PINs to identify users, and are estimated to be more secure than even two-step verification methods. Google announces a plan to roll out new passkey features, hoping to reduce rates of stolen passwords and data breaches for users. Read more.
Germany wins the 2023 European Cybersecurity Challenge
The 9th Annual European Cybersecurity Challenge, with 34 teams representing EU member states, European Free Trade Association Countries, and five guest teams from Canada, Georgia, Serbia, Costa Rica, Singapore, and the USA, has come to a close. The winning teams are Germany first, followed by Switzerland and Denmark. The competition consists of teamwork-related cybersecurity challenges in areas such as hardware malfunctions, web and mobile security tests, crypto puzzles, reverse engineering and cyber forensics. Read more.
Biden Administration releases updated cybersecurity toolkit for healthcare sector
A joint release from CISA and the Health and Human Services Department shares that US hospitals are now considered a key target for hackers and urges the healthcare sector to take several key steps to reduce vulnerabilities. The updated guidelines include recommendations for vulnerability scanning, pre-ransomware notifications, and opening dialogue with peer organizations that have suffered similar breaches. Read more.
SolarWinds releases cybersecurity patches to address critical vulnerabilities
In the wake of the crippling 2020 SolarWinds hack, the company has released several crucial updates that healthcare organizations are urged to take notice of. The patches include fixes for three current critical vulnerabilities, known as CVE-2023-35182, CVE-2023-35185 and CVE-2023-35187. Left unaddressed, these three issues leave software vulnerable to hackers issuing arbitrary code. Upgrading to the latest SolarWinds system should address these concerns and several others. Read more.
CISA expands “no notice” penetration testing process
CISA has announced the expansion of one of its most effective tools against hackers, the “no notice” Federal Attack Surface Testing program, or FAST. The Fiscal 2021 National Defense Authorization Act granted CISA the authority to hunt down cyber threats across other federal agencies’ networks without first seeking approval. The testing program targets web-facing applications to conduct penetration testing, which the agency claims has already been a success across seven federal agency test cases this year. Read more.
Three-quarters of US small businesses report data breach in 2022
A new study from the non-profit Identity Theft Resource Center reports that 73% of small US businesses experienced at least one data breach last year. Employee and customer data were most likely to be targeted in small business cybersecurity threats. Despite the record number of attacks, 85% of small businesses say that they feel ready to weather a cyberthreat, compared to just 70% last year. Implementation rates for multi-factor authentication, mandatory strong passwords and role-based access for employees ranged from 20 to 34%, according to the study. Read more.
Okta hack wipes out $2 billion in market cap
Okta shares slumped by 11% after client files were accessed via a support system by an unidentified hacking group. The drop in share price eliminated more than $2 billion from the company’s market valuation. The identity management cybersecurity firm provides single login access to a number of well-known companies, including Zoom and its Google+ workspace applications, casino chains MGM and Caesars, and others. Read more.