Ensuring robust cybersecurity measures is one of the most crucial challenges for small businesses as well as global conglomerates. However, business managers and IT-admins can keep themselves abreast of the latest happenings in the field to anticipate any cyber attack on their organization to some extent. The following headlines have been written keeping the same purpose in mind
UK To Ban Huawei Equipment In 5G Networks
The UK government has formulated a detailed plan following its July decision on Huawei equipment ban in 5G networks. The plan gives UK-based telecom operators time until 2027 to eliminate all Chinese technologies they might be using. And it’s no surprise that the United States favors this significant move by the British government to restrict any Huawei equipment installation in the 5G networks after September 2021.
The ongoing conflict between Huawei and the US continues as the US keeps sticking to its security concerns with Huawei, and the latter keeps denying all allegations. The UK, too, perceives Huawei as a ‘high-risk vendor’ and is working on its cybersecurity measures to replace Chinese equipment with indigenous technology. For instance, they are initially spending £250 million to explore Open Radio Access Network (Open RAN) technology that shall enable multiple suppliers to operate in a single mobile network.
Dark Caracal Resurfaces
Just when we thought this cyber adversary had stopped operating and disappeared for good, security researchers discovered traces of its existence. We are talking about the Black Caracal or Dark Caracal APT group, which has created havoc in the cyber world until some time back and is believed to have resurfaced. Associated with a Lebanese intelligence agency, the Dark Caracal APT group uses a new variant of the 13-year-old Bandook trojan to launch its recent attacks.
Dark Caracal uses a Word document embedded with a malicious script and an external template with macros to lure victims. This is followed by the PowerShell loader and finally the Bandook Trojan. Dark Caracal may not be as malicious and destructive as other APT actors but taking email protection measures is necessary to avoid being the target of their attacks.
25 Countries Use Circle To Spy On Citizens
The latest revelation of Citizen Lab shall leave you astonished. Research has revealed that the surveillance firm Circle (a sister firm of NSO Group) provides its spyware services to at least 25 governments. The involved nations include Indonesia, Morocco, Nigeria, Israel, Kenya, Malaysia, Mexico, Peru, Australia, Belgium, Serbia, Thailand, and the United Arab Emirates, among others.
The NSO Group is already facing a lawsuit from Facebook for aiding attackers to spy on Whatsapp users. Now the ties of its sister firm Circle with governments across the world isn’t any surprise. Circle exploits Signalling System No. 7 (SS7) vulnerabilities and lets attackers track a phone, intercept its calls and even mess with two-factor authentication texts. Interestingly enough, Circle’s products go undetected in email security service checks, and Forbes believes that both NSO Group and Circle have high ethical standards. But Citizen Lab has evidence to believe the opposite!
Efficiency Needed In Detecting Open Source Software Vulnerabilities
The adversaries get a chance to take over systems when vulnerabilities go undetected and unattended for a long time. A recent GitHub’s report suggests that it takes over four years on average to detect an open-source software vulnerability. It is now more than ever before that services and technologies (including banking, healthcare, and other sectors) are depending on open source projects.
Although security fixes are made available within a month, vulnerability detection can take years. However, the silver lining is that only 17% of all detected vulnerabilities were malicious. One fundamental way to ensure ransomware protection is not leaving vulnerability unattended. In times when open source shapes so many industries, it is only wise that the vulnerability detection process is speeded up in the community.
FINRA Member Firms Beware Of Phishing Attacks
The SEC supervised US NPO Financial Industry Regulatory Authority (FINRA) is asking its member brokerage firms to look out for phishing emails from a recently registered fake web domain impersonating FINRA. The phony domain invest-finra.org was created through Gandi on 5th November.
Though FINRA has asked Gandi to disable services for the fake domain, it is still reachable, and hence, members must consider opting for email security as a service. Any emails received from invest-finra.org must be deleted at once. Recipients must abstain from responding to, opening attachments, or clicking on embedded links in such suspicious emails. For further details, firms are advised to go through FINRA’s resources on their website.
Privacy Act 2020 Comes To Effect in New Zealand
As of 1st December, New Zealand shall denounce the Privacy Act 1993 and adhere to the new privacy laws introduced by the Privacy Act 2020. The new act makes it mandatory for all firms handling employee and customer data to appoint a privacy officer and report all security incidents with a “risk of harm.” A failure in executing the same shall subject firms to penalties up to NZ$10,000 ($7,000) or NZ$230,000 ($162,000) if then Privacy Commissioner reports the incident to the Human Rights Tribunal.
The new privacy law grants greater power to the Privacy Commissioner to investigate an organization’s cybersecurity standards. The government has launched a cybersecurity tool called NotifyUs, which businesses can use to identify whether a security incident needs to be reported. Amidst all the data breach incidents, New Zealand’s new Privacy Act is a ray of hope for citizens.
And that’s the week that was.