DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract Requirements
JD Supra
“This new initiative significantly expands the potential liability of federal contractors and healthcare provider that participate in federal healthcare programs related to data privacy and cybersecurity issues.” Read More
Cybersecurity Takes the Wheel as Auto Industry’s Top Priority
Dark Reading, Yash Prakash
“The auto industry’s reliance on software and connectivity will only become more pronounced in the years to come. Building effective cybersecurity into all aspects of new vehicles and systems is essential to ensuring the future success of the automotive industry.” Read More
27 flaws in USB-over-network SDK affect millions of cloud users
Bleeping Computer, Bill Toulas
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.” Read More
SolarWinds hackers have been quietly targeting governments, cloud providers
SC Magazine, Derek B. Johnson
“The SolarWinds campaign was about who were the vendors you trust and all the different software in your environment, and this threat actor leveraged that one-to-many relationship pretty well. When we fast forward to now and talking about the cloud service providers, that’s them again saying why spend a lot of effort targeting a dozen individual companies when I can instead target one company that can then get me into those dozen ones.” Read More
GraphQL API authorization flaw found in major B2B financial platform
ZD Net, Jonathan Greig
“It is tempting to believe that mobile apps create an obscurity layer that is hard for attackers to crack, but decades of experience show that security through obscurity just doesn’t get the job done. Organizations need to make sure every transaction requires authorization and every step of a transaction is checked to make sure the permissions are appropriate for what is being attempted.” Read More