September 2022 - Page 5 of 5 - Cyber Security Minute

AMTSO Publishes Guidance for Testing IoT Security Products

Issued by: Security Week

The Guidelines for Testing of IoT Security Products cover the principles for testing security products for IoT, recommendations on setting up testing environments, the testing for specific security functionality, and performance benchmarking. The document encourages testers to focus on validating the end result and the performance of the provided protections and not to differentiate products…

Application Security, Software Security

The Makings of a Successful Threat-Hunting Program

Issued by: Dark Reading

Over the last few years, an influx of high-profile industry security issues (PDF) have placed offensive tactics among the top priorities for corporations to help mitigate the risk of a potential attack. With many companies opting to continue remote and hybrid working environments, potential security risks cannot go ignored or be left to chance, and…

Cloud Security, Mobile Security

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

Issued by: Dark Reading

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…

Malware & Threats

Ransomware Attacks Target Government Agencies in Latin America

Issued by: Security Week

Several government agencies in Latin America were targeted in ransomware attacks in the past months, and the latest victims are Chile and the Dominican Republic. read moreChile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi…

Malware & Threats

Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack

Issued by: Security Week

The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data. “TAP was the target of a cyberattack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has…