Weekly News Roundup August 29–September 2, 2022

Posted on by Kacy Zurkus

Over the past few weeks, I have noticed an uptick in the number of SMS phishing campaigns blowing up my phone. According to these alerts, I’m dropping hundreds, sometimes thousands, of dollars on everything from side tables to groceries everywhere from Texas to Florida. While I delete these messages, I’m always concerned about how my daughters or parents will react when they read these specious warnings.

That’s why I was happy to see that Amazon launched a new cybersecurity education program, Protect & Connect, which feels like it has some legs. Variety Magazine recognized one of the public service announcement (PSA) videos featuring Michael B. Jordan and Tessa Thompson, who serve as internet vanguards warding off cybercriminals for an unsuspecting family. The goal of the program is to enable all users to be their own internet bodyguards. It’s fun, informative, and worth sharing with friends and family, particularly because this week’s headlines suggest we have a lot more security awareness and education work to do.

Security researchers at Menlo Labs reportedly identified a phishing campaign targeting credit card users in Japan. Financial firms are being targeted with a Phishing-as-a-Service platform dubbed “Robin Banks.” BleepingComputer reported that thousands of victims were bamboozled by a new Instagram phishing campaign. Krebs on Security reported, “Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.”

Meanwhile, FBI cyber experts have been deployed to Montenegro after the country suffered a massive cyberattack, and Chinese threat actors have allegedly been mining sensitive defense and energy data from Australian computer systems for months.

Sep. 2: The National Security Agency (NSA) has issued guidance for software developers to strengthen supply chain security and avoid cyberattacks.

Sep. 1: Apple has pushed out another patch for a zero-day vulnerability in WebKit that is being actively exploited.

Sep. 1: According to The Hacker News, “The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group’s operational tempo.”

Aug. 31: “EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach,” Threatpost reported.

Aug. 31: Federal News Network reported, “The accreditation body behind the Cybersecurity Maturity Model Certification program is planning to revise a draft process document released last month after it was roundly criticized for being overly complex and prescriptive.”

Aug. 30: Executives from different critical infrastructure sectors have been invited to attend classified cybersecurity briefings with White House officials in an effort to share threat intelligence and “shape forthcoming cybersecurity regulations for critical infrastructure operators,” according to CyberScoop.

Aug. 30: The Record reported, “The government of Lexington, Kentucky is working with the FBI and Secret Service to investigate $4 million in federal rent assistance and housing funds allegedly stolen by cybercriminals.” 

Aug. 29: In anticipation of new cybersecurity regulations that will undoubtedly impact the private sector, Stuart Madnick of Harvard Business Review said that organizations could and should do more than wait for laws to be written and implemented.

Aug. 29: Data broker Kochava Inc. is facing a lawsuit from the Federal Trade Commission for allegedly selling the geolocation data of mobile device users, which includes information about visits to everything from abortion clinics to domestic violence shelters and places of worship.


Kacy Zurkus

Senior Content Manager, RSA Conference
