Weekly News Roundup July 3-7, 2023

Posted by Kacy Zurkus

While many in the US took a respite from work to celebrate the Fourth of July, news of cyberattacks and threats lit up headlines like a fireworks display. A cybersecurity incident at Suncor sparked a response from the energy company, which announced this week that it will be implementing several security measures including replacing employee computers.

A ransomware gang believed to have ties to Russia released a major burst of sensitive data stolen from Australian law firm HWL Ebsworth. But a vulnerability patch released by Fortinet on June 13 didn’t ignite a flame amongst many FortiGate firewall users. According to security researchers at Bishop Fox, nearly 70% of Fortinet’s FortiGate firewalls remain unpatched.

And in my final play on sparkling words, dear reader, I’ll let you know that a particularly exciting launch put women in the spotlight this week. Women in CyberSecurity (WiCyS) announced a new program, “designed to help women working in cybersecurity develop their public speaking skills and connect them to speaking engagements.”

Be sure to visit our Library for educational content that can help with your specific needs. Also, I want to remind you that RSAC 365 accepts submissions year-round. You too can share your expertise in a podcast, webcast, seminar, or blog by submitting a topic for consideration here. Now let’s take a look at what else made industry headlines this week.

Jul. 7: After Ultimate Kronos Group (UKG) suffered a ransomware attack that impacted many of its Kronos Private Cloud customers, victims filed a class action lawsuit, which has been resolved with a $6 million settlement.

Jul. 6: “A cyberespionage group tied to the Iranian government that’s known for its sophisticated and highly targeted phishing lure was recently observed switching payload delivery tactics from document template injections to LNK files,” according to CSO Online. “In addition, the group seems to have ported one of its backdoors from Windows to macOS.”

Jul. 6: The Hacker News reported, “Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a ‘potentially massive campaign’ against cloud-native environments.”

Jul. 5: The National Student Clearinghouse, one of many victims of the MOVEit breach, continues to investigate the scope of impact and notify those customers whose data was affected.

Jul. 5: “A new tool is available on GitHub that gives attackers a way to leverage a recently disclosed vulnerability in Microsoft Teams and automatically deliver malicious files to targeted Teams users in an organization,” according to Dark Reading.

Jul. 5: A new report published by the European Union Agency for Cybersecurity (ENISA) found that 54% of cybersecurity threats in the health sector stem from ransomware.

Jul. 5: SecurityWeek reported, “Hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec, vulnerability intelligence company VulnCheck warned on Wednesday.”

Jul. 4: BleepingComputer reported, “A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.”

Jul. 3: Following in the footsteps of the federal government, several US airlines, including Delta and Southwest, are banning the use of TikTok “on phones connected to its work network,” which could include personal devices.

Jul. 3: Security researcher Pol Thill won SentinelOne’s Malware Research Challenge for researching an eCrime campaign dubbed Neo_Net, which had targeted financial institutions in Spain and Chile.

Kacy Zurkus

Senior Content Manager, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
