It is the last day of the month and that can mean only one thing… It is time for cyber security news Feb 2023! For this latest round-up, we turn to The Hacker News. They are described as “the leading and go-to source for timely and relevant breaking news from the world of cybersecurity.” The stories we look at here include Twitter announcing a limit on the use of SMS-based two-factor authentication (2FA). We then move on to an article on new benefits to be reaped through regular penetration testing. Finally, there is a reflective piece on the worst breaches, attacker tactics and techniques of 2022.
Read our selection of cyber security news pieces from January 2023.
Twitter to limit the use of SMS-based 2FA
In March 2023, the social media giant will be limiting SMS-based 2FA to its Blue subscribers. This means that no other Twitter accounts will be able to enrol in the text message/SMS method. The move comes as a result of “phone-number based 2FA [being] used – and abused – by bad actors.” What does this mean for Twitter users who do not have a Blue subscription? They will have until March 20th this year to adopt an alternative method such as an authenticator app. Non-Blue subscribers will then have their 2FA option disabled as of March 21st.
SecOps and DevOps conflicts can be solved with “continuous security”
Security and development teams are frequently at odds with one another as each pulls in the opposite direction. SecOps teams are cautious and eager to eradicate security vulnerabilities. DevOps teams, on the other hand, seek rapid delivery when it comes to new features. This dynamic can lead to tension and conflict, which in turn often leaves organisations open to security risks. How can this be avoided? One way is to adopt a continuous security approach.
Continuous security is a methodology in which the SecOps team is involved early on in the development process. Together with the developers, they identify risks with new features and find ways to mitigate them. This methodology also incorporates regular pen tests, as opposed to periodic testing.
Contact the security experts at CRIBB to find out more about penetration testing and security strategy.
How to defend against the worst breaches, tactics & techniques of 2022
In this piece, The Hacker News identifies 3 “overlooked cyber security breaches”:
- Ransomware as a Service (RaaS, a cyber-attack in which ransomware software and infrastructure are leased out to attackers)
- Attacks on critical infrastructure (i.e., breaches of water / power supply plants and sewage systems)
- 3-Step Ransomware attacks (where the attacker infiltrates a network, engages in ‘network activity’ – collecting passwords etc. – and then exfiltrates data)
Here is how you can mount a defence against these:
- To combat RaaS, it is critical to have complete network visibility
- Water / power supply organisations must use robust attack surface management tools to uncover vulnerabilities easily
- To defend against a 3-step ransomware attack, you should consider adopting a multiple choke point approach. This is where you do not look at such an attack as a set of disparate issues. It can be achieved by having full network visibility and also a single-pass security stack.
That is all for cyber security news Feb 2023; as ever, we’d love to know your thoughts on our selection. If we missed out anything key, then we encourage you to get in touch and let us know. Of course, if you simply want to find out more about cyber security, then we want to hear from you too!