Weekly News Roundup August 30-September 3, 2021


Posted on by Kacy Zurkus

School is back in session for most of the United States, which has many worried that the education sector could be looking at another year during which many schools and districts are crippled by ransomware attacks. Toward that end, an industry group called K12 Security Information Exchange has published recommendations for IT administrators in K-12 schools.

For many districts, Labor Day is the first holiday weekend of the school year, but it is also a time when ransomware attacks tend to spike. So, as families embark on what will likely be their final weekend of summer fun, CISA and the FBI issued a warning to watch for ransomware. The alert noted that the agencies “have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed.”

Additionally, the FBI made several announcements this week, including a warning of potential threats to the food and agriculture sector. FBI New Orleans warned citizens to be on the lookout for hurricane-related fraud. CISA also added single-factor authentication to its list of bad security practices and encouraged Chrome users to review the newest version released by Google and apply necessary updates.

You can learn more about fraud and the ransomware threat landscape and explore our library of educational content curated to help you strengthen your overall security posture.

Now let’s look back at the headlines you might have missed this week.

Sept. 3: Tired of being the victim of cyberattacks, Italy announced it will launch a new National Cybersecurity Agency funded in large part by the EU’s National Recovery and Resilience Plan.

Sept. 3: BleepingComputer reported, “The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July.”

Sept. 2: “The Federal Trade Commission has unanimously voted to ban the spyware maker SpyFone and its chief executive Scott Zuckerman from the surveillance industry, the first order of its kind, after the agency accused the company of harvesting mobile data on thousands of people and leaving it on the open internet,” TechCrunch reported.

Sept. 2: Researchers discovered multiple security vulnerabilities in a WordPress extension plugin, WooCommerce Dynamic Pricing & Discounts.

Sept. 2: According to The Hacker News, “A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.”

Sept. 1: A Washington state Network Operations Manager from the Northshore School District talked about what he and the district experienced after being the victim of a ransomware attack.

Sept. 1: Eight financial institutions have been charged by the Securities and Exchange Commission (SEC) in “three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.”

Aug. 31: Scammers masquerading as support staff for OpenSea have been using Discord to target users of the digital assets marketplace in an attempt to steal cryptocurrency and other digital assets.

Aug. 31: CISA announced that registration for the 2021 President’s Cup Cybersecurity Competition is now open.

Aug. 30: The Hill reported, “The Biden administration on Monday announced it was establishing a program to recruit and train people to serve in digital positions within the federal government and address issues related to the COVID-19 pandemic and cybersecurity concerns.”

Aug. 30: City officials in Dallas, TX, issued an audit of the police department’s crime data, which remains underway, after learning that “a city information technician inadvertently deleted 22 terabytes of crime data.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
