Weekly News Roundup April 20-24, 2020

Posted by Kacy Zurkus

Are you ready for some football? Well, some more of the NFL draft anyway. Despite the draft not being a live event this year, it has still created a lot of buzz—even in the cybersecurity industry. Earlier this week, Reuters reported that the league’s transition to a virtual event has raised some cybersecurity concerns. Despite the league’s statement that it has “comprehensive and thoughtful” security measures, the system test that ran on Monday did illustrate some technical problems.

Good news, though—according to Front Office Sports (FOS), the league resolved the problems. On Thursday, Mark Testoni, Chief Executive Officer of SAP NS2, recognized that hackers are always a potential problem but told FOS, “I’m sure many would love to think they could disrupt a high-profile event. With dedicated lines, multi-factor authentication or potentially zero-trust architecture, the league and Microsoft will try to mitigate this risk as much as possible.” By all accounts, the first night of the draft went off without a hitch.

Here’s a look at what else made the cybersecurity headlines this week.

Apr. 24: National Defense reported, “Faced with outdated information technology and the growing threat of network attacks, the Coast Guard is steaming ahead with a new plan aimed at revolutionizing its cybersecurity and data management capabilities.”

Apr. 24: After ZecOps published a report claiming that researchers discovered vulnerabilities in Apple’s email software that allowed hackers to access iPads and iPhones for years, Apple responded to the report’s claims on Twitter.

Apr. 23: TechRepublic offered a list of the top 13 security certifications for both industry newcomers and experienced cybersecurity professionals.

Apr. 23: Krebs on Security shared some sound advice for those who think they might be the target of a phone-based phishing scam: “When in Doubt: Hang Up, Look Up & Call Back.”

Apr. 23: HackerOne hosted a virtual hacking event as part of its Hack for Good campaign, in which hackers donated $5,000 in bug bounties to the World Health Organization.

Apr. 23: Becker’s Hospital Review reported, “Cybersecurity experts from Microsoft, Amazon and other global tech companies formed the CTI League on March 14 with the mission to enhance cyber-defense capabilities for healthcare organizations to combat the surge in coronavirus-related cyberattacks targeting healthcare organizations.”

Apr. 22: According to the Forbes Technology Council, an increased focus on protecting people is one of the 14 “next big things” in cybersecurity and encryption.  

Apr. 21: Europol reported that international cooperation was key to the successful arrest of a dark web child sex abuser.

Apr. 21: Nintendo users have reportedly had their accounts hijacked, even though some of them said they used “complex passwords generated through a password manager, passwords that were unique to their accounts, and not used anywhere else,” ZDNet reported.

Apr. 21: Security researcher Bob Diachenko reportedly discovered that Fortum Poland, an energy company, had an “unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable information (PII).”  

Apr. 20: Based on interviews with CISOs and security advisers, CSO Online compiled a list of the 10 indicators of a solid cybersecurity program.

Apr. 20: According to SecurityWeek, “Massachusetts and Indiana, the only two US states that independently sued Equifax over the massive data breach that occurred in 2017, have settled with the credit reporting agency for a total of close to $40 million.”

Kacy Zurkus

Senior Content Manager, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
