Weekly News Roundup April 25-29, 2022


Posted by Kacy Zurkus

As a mom of two young girls coming to the close of their first competitive gymnastics year, I was bubbling with curiosity when I saw the headline asking what cybersecurity and Simone Biles had in common. Kudos to Axonius for wanting to make cybersecurity a household word. I’ll also give another shout-out to Zinet Kemal for her children’s book, Oh, No … Hacked Again! What a great way to engage with kids about online safety.

And speaking of keeping kids safe online, EdTech Magazine reported, “The increased cybersecurity features ed tech companies implemented to keep schools safe during the pandemic also continue to benefit users. Following a rise in cyberattacks targeting K–12 institutions, schools sought pandemic-era technologies with increased security measures.” Indeed, ransomware hit 56% of K-12 school districts across the globe in 2021, according to the annual State of Ransomware report published by Sophos this week. As is often the case with cyber, people can underestimate risk. It’s important that school districts understand “the risk attackers pose to their districts,” Education Week noted.

No sector is without its level of risk, as we saw earlier this week when a cybersecurity incident at Tenet hospitals disrupted operations. And cybersecurity remains top of mind for government agencies, particularly as it relates to election security. To learn more about augmenting your security strategy, explore a variety of educational content available in our Library.

Now let’s look at what else made headlines this week.

Apr. 29: “The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems,” BleepingComputer reported.

Apr. 29: Security researchers have discovered three subgroups within the APT10 dubbed TA410, which has been active across the globe since 2018.

Apr. 29: “The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories,” Security Week reported.

Apr. 28: Infosecurity Magazine reported, “Worldwide cybersecurity spending is set to grow by nearly 58% over the next few years to reach $198bn by 2025, according to GlobalData.”

Apr. 27: Government agencies released a list of the top 15 most exploited vulnerabilities detected during 2021.

Apr. 27: In an effort to stay competitive, the US Air Force and Space Force announced they are willing to pay enlistment bonuses to attract the best and brightest cybersecurity talent.  

Apr. 27: The Food and Drug Administration released an updated draft of guidance on Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.

Apr. 26: Eleven high schools were selected to participate in a new JROTC program—a four-year cyber program intended to deliver critical STEM-focused education to high school students.  

Apr. 25: The Record reported, “Conti’s wide-ranging ransomware attack on Costa Rica has expanded, taking down the administrative systems of the government agency managing the electricity in Cartago.”

Apr. 25: According to news from TechRadar, APIs are not only growing in popularity but also bringing increased cybersecurity challenges.

Apr. 25: PortSwigger reported, “A new industry group aims to coordinate efforts [to] improve industrial control system security in an effort geared towards bolstering the resilience of critical infrastructure components.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

