Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Some good news for a change.

3 Native American tribes use Nokia tech to bring 4G and 5G to remote towns in four states

Tribes in Oklahoma, North and South Dakota, and California will use hardware originally designed for private 5G networks.

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

Original release date: April 26, 2021

The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued targeting of U.S and foreign entities. The SVR activity—which includes the recent SolarWinds Orion supply chain compromise—primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information.  More…

Apple AirDrop users reportedly vulnerable to security flaw

Someone with the right know-how can obtain your phone number and email address when you try to share a file from your iPhone, say researchers at the University of Darmstadt.

Linux on Windows: This new upgrade allows you to run graphical apps simply and effectively

Microsoft has released a preview of its graphical tooling for WSL 2, and it’s surprisingly good.

CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

Original release date: April 26, 2021

A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further compromise customer data or systems.

To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.

CISA encourages users and administrators to review Defending Against Software Supply Chain Attacks and implement its recommendations.

Low-code and no-code won’t kill developer jobs, here’s why

Developers are the Jedis of innovation. Low-code and no-code won’t change that, but it will bring more people into the field of software development and help companies be more agile.

BlackBerry has built the iOS of cars, and it’s taken over the automotive industry

Do you ever wonder what happened to Blackberry?  They owned the business wireless cell phone market at one time, with the Blackberry, a device that integrated voice, text messaging, and email.  Then the iPhone nearly killed them.

They are still around and a force in embedded systems used in automobiles. It might be running in your car right now, but you’d never know it because there’s no “Intel Inside”-like badge. And that’s just how BlackBerry likes it.

PHP community sidesteps its third supply chain attack in three years

Third time lucky! (The first two times were lucky, too, luckily.)

Experiean Flaw Fixed…or was it?

Credit bureau Experian just fixed a weakness w/ a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name & mailing address. The guy who found it is worried Experian’s fix doesn’t go far enough krebsonsecurity.com/2021/04/experi…



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.