At a glance.
- Risks and reports.
- Threat actor activity.
- Vulnerabilities affect Zendesk Explore.
- Vulnerabilities in Amazon RDS may expose PII.
- CISA releases Stakeholder Specific Vulnerability Categorization (SSVC).
- A study of the language of fraud.
- Australian Federal Police say they know who hacked Medibank.
- Software supply chain risk.
- Difficulties with Twitter's SMS 2FA system.
- PCI Security Standards Council issues new mobile payment standard.
Risks and reports.
A report from Moody’s says that the cryptocurrency ecosystem’s vulnerability to cyberattacks is restricting the sector’s growth. Moody’s says this trend was most recently highlighted by the hacks sustained by FTX shortly after the exchange filed for Chapter 11 bankruptcy last week. Moody’s explains that applications built on the blockchain rely on a “tangle of technologies” that opens them up to attacks. The researchers note that more attacks are now targeting decentralized finance (DeFi) companies than centralized finance (CeFi) companies.
The recent collapse, bankruptcy, and compromise of the FTX cryptoexchange bring many of these vulnerabilities into relief. CoinDesk describes a hack sustained by FTX several hours after the exchange filed for bankruptcy. Unknown hackers stole more than $600 million from FTX crypto wallets. WIRED outlines the steps industry and law enforcement are taking to track the stolen funds. For more on crypto and blockchain issues, see CyberWire Pro.
On Monday morning, Moody's published a look at cyber risk across various sectors. While most sectors are seeing trends toward decentralization, more remote access, and, of course, further digitization of their operations, not all are equally exposed. "Critical infrastructure sectors like electric, water and other utilities have the highest risk exposure and a growing reliance on digitization but make up only a small share, about 3.5%, of overall rated debt." That high exposure doesn't mean these sectors are relatively poorly protected, but rather that the consequences of a successful attack could be severe and widespread.
The report concludes, "As of now, the sectors facing the lowest threat exposure happen to be the least digitized: coal mining, construction, oilfield services, and paper and forest products. And as organizations in recent years have accelerated their move to digitized processes, information, systems and networks, that transformation potentially leaves a door open for opportunistic hackers."