
The Latest News and Updates on Cybersecurity and Privacy Issues v1.2


By Bing Chat and John Monyjok Maluth

Introduction

Cybersecurity and privacy are two of the most important and challenging issues in the digital age. As technology evolves and becomes more integrated into our lives, we face new threats and opportunities to protect our data, identity, and online activities.


In this article, we will review some of the latest news and updates on cybersecurity and privacy issues, such as:

  • Google’s new cybersecurity updates and initiatives
  • Google’s new privacy controls related to browsing history, Password Manager, and more
  • The UK and US’s international dialogue to advance cyber support for groups that strengthen democracy
  • The NCSC and NCA’s joint white paper on the world of cyber criminals
  • The NCSC’s Cyber Incident Response scheme expansion
  • The NCSC and allies’ most common cyber vulnerabilities exploited in 2022 report
  • The NCSC and Information Commissioner’s Memorandum of Understanding

Google’s new cybersecurity updates and initiatives

In commemoration of the 20th anniversary of Cybersecurity Awareness Month, Google LLC today introduced various updates and initiatives to enhance cybersecurity and ensure user-friendly online experiences [1]. Some of the updates and initiatives include:

  • A new security dashboard that provides a comprehensive overview of the security status of users’ Google accounts, such as sign-in activity, security alerts, third-party access, etc.
  • A new security checkup tool that helps users identify and fix potential security issues, such as weak passwords, compromised devices, phishing attempts, etc.
  • A new password import feature that allows users to import passwords from other password managers into Google Password Manager, which is a secure and convenient way to store and autofill passwords across devices.
  • A new phishing protection feature that warns users when they visit a suspicious website that may try to steal their credentials or personal information.
  • A new advanced protection program for high-risk users, such as journalists, activists, politicians, etc., that provides extra layers of security, such as hardware security keys, malware scanning, account recovery assistance, etc.

Google also announced that it is investing $10 billion over the next five years to expand its cybersecurity capabilities and partnerships with other organizations, such as governments, nonprofits, academic institutions, etc., to improve global cyber resilience [1].

Google’s new privacy controls related to browsing history, Password Manager, and more

The tech giant announced that it’s offering Android users easier access when clearing their browsing history, letting iOS users make Google Password Manager the default autofill provider and making it easier for all users to access its dark web report feature [2]. Some of the new privacy controls include:

  • A new clear browsing data button that allows Android users to delete their browsing history from Chrome’s homepage with one tap.
  • A new default autofill option that allows iOS users to choose Google Password Manager as their preferred password manager for Safari and other apps.
  • A new password checkup feature that alerts users when their passwords have been exposed in a data breach or are reused across multiple sites.
  • A new dark web report feature that scans the dark web for users’ compromised credentials and provides them with steps to secure their accounts.

Google also announced that it is working on new features to enhance user privacy, such as:

  • A new privacy sandbox initiative that aims to create web standards that preserve user privacy while supporting online advertising.
  • A new federated learning of cohorts (FLoC) proposal that groups users into cohorts based on their browsing behavior without revealing their individual identities or browsing history.
  • A new first-party sets proposal that allows related websites to share cookies without third-party tracking.

The UK and US’s international dialogue to advance cyber support for groups that strengthen democracy

Agency heads from nine countries share insights and approaches to help improve collective cyber resilience of global democracy [3]. The dialogue was hosted by the UK’s National Cyber Security Centre (NCSC) and the US’s Cybersecurity and Infrastructure Security Agency (CISA) on September 29th. The dialogue involved representatives from Australia, Canada, Estonia, Finland, New Zealand, Norway, Sweden, the UK, and the US. The dialogue focused on three main topics:

  • How to provide cyber support for civil society organizations (CSOs) that promote democracy, human rights, media freedom, etc.
  • How to counter cyber threats from state-sponsored actors that target democratic institutions and processes.
  • How to foster international cooperation and coordination on cyber issues related to democracy.

The dialogue resulted in several outcomes, such as:

  • The establishment of a working group to develop a framework for providing cyber support for CSOs.
  • The endorsement of a joint statement on countering ransomware attacks.
  • The agreement to continue the dialogue on a regular basis.

The NCSC and NCA’s joint white paper on the world of cyber criminals

Joint white paper from the NCSC and NCA details how organised criminal groups have evolved as ransomware and extortion attacks have grown [4]. The white paper was published on September 11th by the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA). The white paper provides an overview of the current threat landscape, the modus operandi, and the impact of cyber criminals, especially those involved in ransomware and extortion attacks. The white paper also provides recommendations for businesses and individuals to protect themselves from cyber attacks. Some of the key findings and recommendations of the white paper include:

  • Ransomware and extortion attacks have increased in frequency, sophistication, and impact in recent years, affecting various sectors and organizations of different sizes and locations.
  • Cyber criminals use various techniques and tools to conduct ransomware and extortion attacks, such as phishing emails, malware, encryption, data theft, denial-of-service, etc.
  • Cyber criminals operate in a complex and dynamic ecosystem that involves various actors, such as developers, distributors, affiliates, brokers, negotiators, etc.
  • Cyber criminals are motivated by various factors, such as financial gain, ideological beliefs, political agendas, personal grievances, etc.
  • Cyber criminals face various challenges and risks, such as law enforcement actions, technical issues, competition, reputation damage, etc.
  • Businesses and individuals should adopt a proactive and holistic approach to cyber security, such as implementing basic cyber hygiene practices, following the NCSC’s guidance on mitigating malware and ransomware attacks [5], reporting incidents to the relevant authorities, etc.
  • Businesses and individuals should also adopt a resilient mindset and prepare for the worst-case scenario, such as having backup plans, contingency funds, crisis management teams, etc.

The NCSC’s Cyber Incident Response scheme expansion

Help investigating and recovering from cyber attack now available from a larger pool of assured providers [6]. The NCSC announced on September 13th that it has expanded its Cyber Incident Response (CIR) scheme to include more providers that can offer assistance to organizations that have suffered a cyber attack. The CIR scheme is a certification program that assures the quality and standards of cyber incident response services offered by external providers. The CIR scheme aims to help organizations recover from cyber attacks quickly and effectively. The CIR scheme covers four categories of cyber incidents:

  • CIR Core: for incidents that have a significant impact on the UK’s national security or economic well-being.
  • CIR Small Business: for incidents that affect small businesses with fewer than 250 employees or less than £50 million annual turnover.
  • CIR Charity: for incidents that affect charities with less than £50 million annual income or fewer than 250 employees.
  • CIR Local Government: for incidents that affect local authorities or other public sector bodies with fewer than 250 employees or less than £50 million annual budget.

The NCSC also provides guidance on how to choose a CIR provider, how to report a cyber incident, and how to prepare for a cyber incident.

The NCSC and allies’ most common cyber vulnerabilities exploited in 2022 report

New advisory highlights how threat actors exploited a larger number of older software vulnerabilities rather than more recently disclosed flaws last year. The advisory was published on August 3rd by the NCSC and its allies from Australia, Canada, New Zealand, and the US. The advisory provides a list of the top 30 vulnerabilities that were most commonly exploited by malicious cyber actors in 2022. The advisory also provides mitigation advice and best practices for organizations to prevent or reduce the impact of these vulnerabilities. Some of the key findings and recommendations of the advisory include:

  • Most of the vulnerabilities exploited in 2022 were related to remote work or cloud-based technologies, such as virtual private networks (VPNs), cloud-based collaboration tools, web servers, etc.
  • Most of the vulnerabilities exploited in 2022 were disclosed before 2022, some dating back to 2014. This indicates that many organizations failed to apply timely patches or updates to their systems.
  • Most of the vulnerabilities exploited in 2022 were used for initial access or reconnaissance purposes by threat actors. This means that threat actors used these vulnerabilities to gain a foothold or gather information on their targets before launching further attacks.
  • Organizations should prioritize patching or updating their systems regularly and promptly, especially for critical or high-risk vulnerabilities.
  • Organizations should implement basic cyber hygiene practices, such as using strong passwords, enabling multi-factor authentication (MFA), disabling unused ports or services, etc.
  • Organizations should monitor their networks and systems for any signs of compromise or anomalous activity.

The NCSC and Information Commissioner’s Memorandum of Understanding

The joint MoU sets out how the organisations will cooperate to improve the UK’s digital resilience. The MoU was signed on September 12th by the NCSC’s CEO Lindy Cameron and the Information Commissioner Elizabeth Denham. The MoU aims to establish a framework for collaboration and information sharing between the two organizations on matters related to cybersecurity and data protection. The MoU covers four main areas of cooperation:

  • Strategic engagement: The two organizations will maintain regular communication and consultation at senior levels on strategic issues and priorities.
  • Operational coordination: The two organizations will coordinate their operational activities and responses to cyber incidents that affect personal data or information rights. They will also share relevant information and intelligence on cyber threats, vulnerabilities, and trends.
  • Policy development: The two organizations will collaborate on developing and promoting policies and guidance that support cybersecurity and data protection objectives and standards. They will also consult each other on any policy issues or proposals that may affect their respective remits or interests.
  • Public awareness and education: The two organizations will work together to raise public awareness and understanding of cybersecurity and data protection issues and best practices. They will also support each other’s initiatives and campaigns to educate and empower individuals and organizations on how to protect their data and online activities.

The MoU also outlines the principles, procedures, and safeguards for information sharing and confidentiality between the two organizations. The MoU is expected to enhance the UK’s digital resilience and security, as well as protect the rights and interests of individuals and organizations in the digital environment.

Conclusion

This article reviewed the latest news and updates on cybersecurity and privacy issues: Google’s new cybersecurity updates and initiatives; Google’s new privacy controls related to browsing history, Password Manager, and more; the UK and US’s international dialogue to advance cyber support for groups that strengthen democracy; the NCSC and NCA’s joint white paper on the world of cyber criminals; the NCSC’s Cyber Incident Response scheme expansion; the NCSC and allies’ most common cyber vulnerabilities exploited in 2022 report; and the NCSC and Information Commissioner’s Memorandum of Understanding. The article also provides recommendations and best practices for organizations and individuals to protect themselves from cyber threats and enhance their digital resilience.

References

  1. Google. (2023, October 4). Google announces $10 billion investment to advance cybersecurity. Retrieved from [Google]
  2. Google. (2023, October 5). New privacy controls for Chrome on Android and iOS. Retrieved from [Google]
  3. National Cyber Security Centre. (2023, September 29). UK-US host international dialogue to advance cyber support for groups that strengthen democracy. Retrieved from [NCSC]
  4. National Cyber Security Centre & National Crime Agency. (2023, September 11). The world of cyber criminals: A joint white paper from the NCSC and NCA. Retrieved from [NCSC]
  5. National Cyber Security Centre. (n.d.). Mitigating malware and ransomware attacks. Retrieved from [NCSC]
  6. National Cyber Security Centre. (2023, September 13). Help investigating and recovering from cyber attack now available from a larger pool of assured providers. Retrieved from [NCSC]
  7. National Cyber Security Centre & Cybersecurity and Infrastructure Security Agency. (2023, August 3). Most common cyber vulnerabilities exploited in 2022. Retrieved from [NCSC]
  8. National Cyber Security Centre & Information Commissioner’s Office. (2023, September 12). Memorandum of Understanding between the Information Commissioner’s Office and the National Cyber Security Centre. Retrieved from [NCSC]
