Welcome reader to your CybersecurityHQ report.

Headlines

In Japan’s recent military build-up and close collaboration with the US, cybersecurity has become a sticking point. Prime Minister Fumio Kishida recently expressed commitment to helping with security threats around the world while also strengthening ties with AUKUS partners Australia and Britain. But US officials say that Japan’s cybersecurity weaknesses are proving a major concern.

Recent cyber incidents, like the hacks of its largest port and Mitsubishi Heavy Industries, are raising doubts that Tokyo will be as much of an asset as a liability. For that reason, the US State Department has said that when choosing how to work with Japan, the country’s "ability to adequately protect sensitive data and information” would be taken into consideration.

The popular home camera provider Ring has just settled over Federal Trade Commission (FTC) charges that the company gave employees and contractors access to customer videos. It also failed to use security protections to keep hackers from accessing accounts, cameras, and private videos. The May 2023 complaint states that Ring, purchased by Amazon in 2018, deceived its customers about this situation.

According to the Commission’s own statement, “The FTC is sending 117,044 PayPal payments to consumers who had certain types of Ring devices, such as indoor cameras, during periods when the FTC alleges unauthorized users may have had access to customer videos. Consumers should redeem their PayPal payment within 30 days.

Technology juggernaut Cisco is now saying that hackers used some of the company’s digital security devices to break into government networks. The threat actors used the exploit UAT4356 in Cisco’s Adaptive Security Appliances.

In the company’s blog post covering the hack, Cisco attributes the attack to a “sophisticated state-sponsored actor.” They also say they’ve already successfully patched the vulnerability.

Interesting Read

The Ransomware Task Force April 2024 Progress Report is available here (PDF). It provides some alarming insights into the landscape of cybersecurity threats — including a 37% increase in ransomware attacks on critical infrastructure reported to the FBI in 2023 compared to the previous year. Across all industries, the increase looks more like 18% from 22 to 23.

As is typical with think tank documents of this kind, the report ends with some pretty sweeping recommendations for tackling the rising tide of ransomware attacks. They include collaboration between governments, industry, and civil society as a whole. While that might feel like a vast undertaking, looking at the numbers measuring the impact of these attacks begins to make it seem well worth the effort.

Employment Tip: Build Experience in Cloud Security Platforms

Cloud computing is becoming an ever-more popular way for companies to operate their IT systems, taking advantage of the convenience of services like AWS, Azure, and GCP. But cloud computing will always be more vulnerable, making cloud-specific certifications an enormous benefit to your resume.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team