This week:

3 – Cyber insurance has got more ‘friendly’.

2 – An Android security feature could make Android apps less secure.

1 – Security vulnerability reports could make organisations more vulnerable.

 


 

3 – Cyber insurance has got more ‘friendly’.

“The European cyber insurance market has become much more friendly.[even though] the frequency and severity of claims, especially ransomware claims, have increased”.

Summary: According to Marsh, the cost of cyber insurance cover in Europe has dropped, and the scope of cover has increased. This shift is driven by increased competition among insurers and because “the implementation of cybersecurity controls has improved significantly year over year from 2021 to 2023”, resulting in decreased rates and more favourable terms for buyers.

So what? Assuming you have implemented reasonable security measures, you can now get more comprehensive and cost-effective insurance coverage.

Source: Insurance Daily News  (and sent my way by Philip Breen)

 


 

2 – An Android security feature could make Android apps.. less secure

“[Android] malware [named Snowblind] is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.”

Summary:

The Snowblind malware exploits a security feature in Android to bypass anti-tampering protections. By repackaging apps and abusing accessibility services, it can be used to “disable various security features in apps, such as two-factor authentication, or biometric verification [as well as] read sensitive information displayed on the screen, navigate the device or control apps, bypass security measures by automating interactions that would typically require user intervention, as well as [stealing] sensitive personally identifiable information and transaction data.”

So what?

Ensure your Android devices have (been replaced with Apple devices) updated security measures and be cautious about where you download your apps from.

Source: BleepingComputer

 


 

1 – Security vulnerability reports could make US chemical facilities.. more vulnerable

“The chemical sector holds all the ingredients necessary for a recipe of destruction. [Unfortunately] Chemical facilities across the US that utilize the Cybersecurity & Infrastructure Security Agency’s (CISA) ‘Chemical Security Assessment Tool’ could be [more vulnerable] following a data breach.”

Summary:

CISA’s Chemical Security Assessment Tool is supposed to “help facilities stay on top of risk-assessments by providing a security vulnerability assessment and site security plan if they are determined to be a high-risk facility that could be targeted by terrorists”. Unfortunately, cyber attackers found a way to break into the CSAT tool, and this may now mean that the attackers now have the vulnerability and security plans for these chemical facilities.

So what?

I know Homer Simpson worked in a nuclear plant rather than a chemical plant, but I will leave him with the last word this week: Doh!

Source: Tech Radar (via ASPI)