Weekly News Roundup August 16-20, 2021


Posted on by Kacy Zurkus

Yes, another organization has suffered a massive breach. I can see the eye rolls and hear the sighs of despair, but I have some thoughts for you, dear readers.

In the aftermath of the reported T-Mobile data breach that potentially impacted more than 40 million customers, The Cybersecurity 202 asked if there will be backlash or if people will quickly move on from the news. Whether the general public is suffering from breach fatigue is certainly not an outlandish question to ask. There’s no dearth of headlines proclaiming fatigue of all things these days—from breaches to COVID, masks and even moral fatigue (who knew this was even a thing!). Expounding on his hypothesis about breach fatigue, Joseph Marks wrote, “It has also made it far more difficult for cyber educators to persuade people to adopt better behavior.”

I am reminded of Harper Lee’s To Kill a Mockingbird when Atticus Finch explains what courage is to his daughter Scout. “It’s when you know you’re licked before you begin but you begin anyway and you see it through no matter what. You rarely win, but sometimes you do.” Of all the books I’ve read in my nearly 50 years, that one line has always resonated with me. As I see it, the cybersecurity industry is faced with a challenge: Do we conform to general apathy, or will we have the courage to transform?

I say there’s no need to drink from the cup of mediocrity! Boost your courage and “see it through no matter what,” which you can do with help from the greater community. Check out these sessions on managing risk and digital transformation or explore additional topics in our library.

And now I’ll interrupt this motivational blog for a quick look at what else made headlines this week.

Aug. 20: The Hacker News reported, “A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies’ networks as part of an insider threat scheme.”

Aug. 19: Analysis of the January attack on the US Census Bureau revealed that “officials were informed of the flaw in its servers and had at least two opportunities to fix it before the attack, mainly due to lack of coordination between teams responsible for different security tasks.”

Aug. 19: TechCrunch reported, “In a letter sent earlier this month addressed to TikTok CEO Shou Zi Chew, Sens. Amy Klobuchar (D-MN) and John Thune, (R-SD) say they are ‘alarmed’ by the recent change to TikTok’s privacy policy, which allows the company to ‘automatically collect biometric data, including certain physical and behavioral characteristics from video content posted by its users.’ ”

Aug. 18: The Department of Justice reported, “An Ohio man pleaded guilty today to a money laundering conspiracy arising from his operation of Helix, a Darknet-based cryptocurrency laundering service.”

Aug. 18: After reports that security researchers discovered more than a dozen vulnerabilities in a TCP/IP stack commonly used by operational technology vendors, several companies in the industrial control systems space issued their own security advisories, SecurityWeek reported.

Aug. 17: In conjunction with security researchers at FireEye, CISA issued a warning about a vulnerability that could allow attackers to access millions of IoT devices.

Aug. 16: The Great Londini, reportedly a volunteer group with cybersecurity and military experience, made headlines this week for being an Internet vigilante on a mission to stop cyberbullying, though TikTok claims it has removed multiple accounts associated with the username because of harassment reports.

Aug. 16: “Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations,” Ars Technica reported.

Aug. 16: The National Cybersecurity Alliance featured a feel-good tale of Ashley Richardson-Sequeira and her journey into cybersecurity. “A military veteran, musician, and English major, Ashley’s journey to a successful career in cyber is far from what many perceive as the typical path.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

Hackers & Threats Mobile & IoT Security Privacy

blockchain & cryptocurrencies biometrics exploit of vulnerability

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community