Cyber Connections News Roundup: September 21

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

September 21

Apple Emergency Security Updates Close Spyware Flaw

According to a recent report on www.nytimes.com, Apple has issued emergency software updates for a vulnerability in its products after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer. The spyware, called Pegasus, invisibly infected Apple devices without victims’ knowledge through a method known as “zero click remote exploit.” Apple has urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and WatchOS 7.6.2. Read more.

UN Calls for Human Rights Safeguards on AI

On Sept. 15, the United Nations’ top human rights official, Michelle Bachelet, called for a global moratorium on the sale and use of artificial intelligence systems that pose human rights concerns until safeguards are put in place. According to a recent article on www.cyberscoop.com, Bachelet pointed to several ways the technology is used in decision-making that can have life-altering consequences, including the rise in the use of facial recognition technology in policing and subsequent cases of false arrests. Read more.

HHS Issues Warning About BlackMatter Ransomware

According to a recent article on www.healthcareitnews.com, the Department of Health and Human Services’ (HHS) cybersecurity arm, the Health Sector Cybersecurity Coordination Center (HC3), recently released a warning about BlackMatter ransomware. BlackMatter claims that they would not attack hospitals. Still, HC3 cautioned that this claim may not be accurate. BlackMatter’s target countries include the US, India, Brazil, Chile and Thailand, and the list is growing. HC3 issued best practices to mitigate BlackMatter, including providing social engineering and phishing training to employees; keeping patches up to date; implementing spam filters at email gateways; and blocking suspicious IP addresses at firewalls. Read more.

Preventing Man-in-the-Middle Attacks Starts with Secure Wi-Fi

A recent article on www.cisomag.com offers a primer on n a man-in-the-middle (MITM) attacks and how to prevent them. MITM attacks, in which the perpetrator places himself in an ongoing communication or data transfer between an application/service and its user to spy or impersonate someone, focus mainly on stealing personal information like bank account numbers, credit/debit numbers, account login credentials, and other banking-related data. Common attacks occur as email hijacking, IP spoofing, session hijacking, DNS spoofing or Wi-Fi eavesdropping. Detecting and preventing MITM attacks start with avoiding public or insecure Wi-Fi connections while using ecommerce or banking websites. Read more.

Moody’s Tackles Cybersecurity Risks Through Investment in BitSight

Moody’s, the is the bond credit rating business of Moody’s Corporation, has announced that it is spending hundreds of millions of dollars to better evaluate the cybersecurity risks that face America’s largest corporations, according to a recent report on www.wtop.com. The company aims to assess the risks that ransomware and other digital threats pose to Fortune 500 firms and government agencies by investing $250 million in cybersecurity ratings company BitSight, which uses an algorithm to assess the likelihood that an organization will be breached. Read more.