The most interesting news from the world of cyber security
It’s Wednesday, the middle of the week, and there’s plenty of cyber security news to get to. We’ve got more encrypted phone problems, Ethereum problems, PKI weaknesses for Code Signing, and the UK trying to train a new generation of cyber security professionals.
As always, here are the most interesting things happening in the world of Cyber Security:
Texas Shooter’s Phone is Encrypted
The debate about encryption is set to heat up again as the FBI has not yet been able to access the encrypted contents of the shooter’s phone. Already, influential US figures – including the deputy attorney general, Rod Rosenstein – have called for “responsible” encryption: the sort that a government or private company with enough computing power could crack. This is idiotic, but expect the debate to pick up again soon.
Hundreds of Millions of dollars worth of Ethereum Cryptocurrency frozen
Ethereum is a popular cryptocurrency, second perhaps only to Bitcoin. Unfortunately, Tuesday was not a good day for Ethereum, as a vulnerability within a popular wallet caused upwards of hundreds of millions of dollars worth of the currency to be frozen. This is the second issue of this kind that Ethereum has faced this year; back in July, nearly 30 million dollars worth of the cryptocurrency was stolen with a similar exploit. The name of the wallet company is Parity Technologies. The vulnerability affects multi-sig wallets that were deployed after July 20.
Researchers Identify Weaknesses in Code Signing PKI
A group of researchers at the University of Maryland released a report last week that outlines three weaknesses in code signing PKI:
- Inadequate client-side protection of certificates
- Publisher-side key mismanagement
- Certificate Authority verification failures
The group reviewed over 150,000 malware samples and found 325 malicious programs signed with valid, revoked or malformed keys.
[Source: Threat Post]
UK Ramping up Cyber Security Training
The United Kingdom is taking active steps to improve its security posture. In addition to posting jobs for people with existing expertise, the country is also holding training for workers looking to get into the field. “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale,” said Matt Parsons, head of cyber security skills at the DCMS. “The National Cyber Security Strategy outlines a number of strategic outcomes, one of which is that the UK has a sustainable supply of home-grown cyber security professionals to meet the growing demands of an increasingly digital economy in both the public and private sectors – and in defence.”
[Source: Computer Weekly]
Burnout, Bad Culture are the leading reasons talented Cyber Security personnel leave
Speaking of the cyber security skillset, Dr. Andrea Little Limbago at Endgame recently conducted a survey among security professionals. The two biggest factors in those professionals leaving their companies and sometimes the industry itself are: burnout and company culture. Both of these make a lot of sense. Security teams are typically understaffed, overworked and under-budgeted.
[Source: Dark Reading]