Editorial Note: Opinions expressed here are author’s alone, not those of any bank, credit card issuer, hotel, airline or other entity. This content has not been reviewed, approved or otherwise endorsed by any of the entities included within the post. We may earn a commission from partner links on Newsweek, but commissions do not affect our editors’ opinions or evaluations.
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
SentinelOne ends Wiz collaboration following acquisition rumors
SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.
Hackers may be breaking into LastPass vaults compromised in data breach
Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.
Semiconductor company NXP discloses data breach
Dutch semiconductor designer and manufacturer NPX has disclosed a data breach affecting the email addresses of users who had registered an account on npx.com, but had not used it for at least 18 months. No other information was exposed, NPX said.
Data breach at golf equipment maker Callaway impacts one million people
Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer.
New report details how China is weaponizing…
Eight years ago, Samsung set out on a mission to build the most trusted and secure mobile devices in the world. With the introduction of our Samsung Knox platform at MWC in 2013, we put in place the key elements of hardware-based security that would help defend Samsung mobile devices and our customers’ data against increasingly sophisticated cyber threats.
Samsung Knox has since evolved into more than a built-in security platform, now encompassing a full suite of mobile management tools for enterprise IT administrators. But our mobile product planners, developers and security engineers have remained laser-focused on answering the primary question: how do we remain a step ahead of hackers and keep our users safe at all times?
Samsung Knox Vault represents the latest step in that journey. It’s the logical evolution of something we’ve been working on for years: an isolated, hardware-based and highly secure environment for the most critical information on the device.
To understand what Samsung Knox Vault is, let’s first run through a quick history of how the principle of isolation has been fortifying Samsung’s Knox mobile security platform.
In the first days of Android, the main focus was building a more open and flexible mobile operating system. Security was state-of-the-art for the time, inherited from the world of Unix and mainframe computers. But from the start, it became clear that smartphones were different; they were the most personal computers anyone had ever built.
Samsung quickly realized that we needed to think harder about the threat model on such a personal device — particularly how to give extra protection to critical information such as private keys and digital certificates. That’s where the idea of using Trusted Execution Environments (TEEs) on our mobile devices came in. Within the ARM processors in our Galaxy smartphones, we pioneered the use of TEE-based protections using a feature called TrustZone.
The goal of TrustZone is to isolate the software that manages the most sensitive device data: passwords, biometrics, and cryptographic keys. It does this by running a different OS alongside Android. In…
You may already be going to be there without realising it, as the event is happening at the same place as IDC’s Identity & Privacy Conference.