Weekly News Roundup April 18-22, 2022


Posted by Kacy Zurkus

Local news outlets from Miami, Florida, to San Antonio and Killeen, Texas, and Minot, North Dakota, all covered cybersecurity this week, but it wasn’t news of a breach. Rather, each shared news about a university’s cybersecurity program, which bodes well for the industry as a whole. Additionally, Canada’s Youth Employment Services (YES) announced a new program through which Canadian youth and Ukrainian refugees can undergo cybersecurity training.

In addition to education and training opportunities across the country, ABC News reported that increasing concerns over threats to critical infrastructure had moved Wall Street to make significant investments in cybersecurity, noting that Goldman Sachs announced a $125 million investment.

A new report published by IDC found that 69% of CEOs in the Asia-Pacific region said they are involved in cybersecurity interactions either weekly or biweekly. That shows great progress. And speaking of progress, for the first time since 2013, NIST has made extensive changes to its Guide to Enterprise Patch Management Planning (SP 800-40 Rev. 4).

Let’s look at what other news made cybersecurity headlines this week.

Apr. 22: Patches released to protect AWS containers against the Log4Shell vulnerability reportedly had critical security issues.

Apr. 22: CSO Online reported, “hackers tried to disconnect several high-voltage substations from a section of the country’s electric grid but were foiled by Ukraine’s computer emergency response team (CERT-UA) with the help of researchers from ESET and Microsoft.”

Apr. 21: MIT Technology Review reported that “two Dutch researchers took home $90,000 and a new Pwn2Own championship trophy by targeting the software that helps run the world’s critical infrastructure.”

Apr. 21: Families of students in a Coventry, Connecticut, school district were advised that a data breach at software company Illuminate Education may have exposed the data of approximately 1,700 students.

Apr. 21: The Hacker News reported, “A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers.”

Apr. 20: As the war in Ukraine continues, Five Eyes (US, Britain, Australia, Canada, and New Zealand) warned that the world could see increasing cyberthreats to critical infrastructures from Russia.

Apr. 20: The findings of the investigation Okta conducted after the January security incident revealed that only two of its customers were impacted after Lapsus group hackers gained access to its systems.

Apr. 19: “Researchers at Google’s Project Zero said they tracked 58 cases of zero-day exploits ‘in the wild’ in 2021 — the most ever detected and disclosed in a single year since the group began its work in mid-2014,” CyberScoop reported.

Apr. 18: “The Unified Government of Wyandotte County and Kansas City, Kansas was victim to a cybersecurity attack over the weekend,” KCTV5 reported.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

