Weekly News Roundup August 2-6, 2021


Posted on by Kacy Zurkus

Collaboration seemed to be a theme in this week’s cybersecurity headlines. Google Cloud is now the eighth member of the Exabeam-led XDR Alliance intended to aid security operations teams in protecting organizations against cyberattacks. In the aftermath of the massive attack in 2020, SolarWinds CEO took a forward look at cybersecurity and recognized public-private partnerships as one factor contributing to improved federal guidance. The University of Texas at San Antonio also reported on its development of the Community Cyber Security Maturity Model (CCSMM), a twenty-year effort to “improve cybersecurity capabilities and collaboration for the benefit of communities nationwide.”

Also, this week, Jen Easterly, Director of Cybersecurity and Infrastructure Security Agency (CISA), announced a rocking new collaboration dubbed JCDC. “Through the JCDC, we will coordinate cyber defense planning and operations by partnering with our interagency; state, local, tribal, and territorial governments; and private sector stakeholders to improve cyber defense operations and prevent and reduce impacts of cyber-attacks,” Easterly tweeted.

These partnerships are an important step forward in helping to solve some of the many challenges cybersecurity professionals are facing. To that end, let’s look at what else made headlines this week.

Aug. 6: Security teams that have long been tasked with authenticating the identity of users are now challenged with managing machine identity to control access to sensitive data.

Aug. 6: The FTC issued a warning about a phishing campaign targeting individuals who have filed for unemployment insurance.

Aug. 5: BleepingComputer reported, “A disgruntled Conti affiliate has leaked the gang’s training material when conducting attacks, including information about one of the ransomware’s operators.”

Aug. 5: An Australian rap singer who goes by the name Illy wrote of the extensive abuse he has suffered from a cyber stalker for nearly two years.

Aug. 5: AP reported, “Apple unveiled plans to scan U.S. iPhones for images of child sexual abuse, drawing applause from child protection groups but raising concern among some security researchers that the system could be misused, including by governments looking to surveil their citizens.”

Aug. 5: “Security researchers have discovered a 12-year-old router vulnerability that they’ve warned may affect millions of devices globally,” Infosecurity Magazine reported.

Aug. 4: The Cybersecurity 202 reported, “Cyber experts are about evenly split on whether the often-complicated relationship between the government and ethical hackers has improved in the past two years.”

Aug. 4: According to NextGov.com, “There are several barriers currently impeding progress in protecting critical energy infrastructure.”

Aug. 3: A new 47-page report published by the Senate Homeland Security Committee gave federal agencies a C- for failing to implement basic defenses against cyberattacks.

Aug. 3: “Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis,” Security Week reported.

Aug. 3: Five major telecom companies in Southeast Asia were the target of malicious cyberattacks believed to be the work of Chinese hackers.

Aug. 2: “Customers who signed up for emails from fast-food chain Chipotle Mexican Grill were recently faced with bigger challenges than queso versus sour cream. A breach of the restaurant’s email marketing service last month led to customers being served phishing lures and malicious links that redirected to credential harvesting sites,” ThreatPost reported.

Aug. 1: At the onset of the pandemic, Zoom was accused of failing to prevent hackers from “zoombombing.” Those accusations led to lawsuits, and the company has reportedly agreed to an $86 million settlement.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

Security Strategy & Architecture Identity Hackers & Threats

phishing privacy exploit of vulnerability risk management hackers & threats

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community