Weekly News Roundup December 6-10, 2021


Posted by Kacy Zurkus

My daughter brought home two ornaments off her school’s giving tree, and the items we purchased are trickling in daily. We also sent hats and gloves as part of my daughter’s gymnastics team collection and have packages coming for the giving tree at my gym. Those items ordered through my work’s giving program have already been delivered. In fulfilling all of these orders, I was reminded of a conversation I had with Dr. Kelley Misata, Founder and CEO of Sightline Security, earlier this week when we recorded a soon-to-be-released podcast (keep an eye on our website to give it a listen). During this season of giving, there’s a looming question of What Do We Owe Each Other?

As evidenced by Google’s takedown of “an aggressive Windows botnet,” good things happen when we work together. Infosecurity Magazine reported on this week’s 5th Global Conference on Criminal Finances and Cryptocurrencies, where nearly 2,000 experts from the public and private sector convened to promote information sharing. These threat intelligence sharing efforts are critical for practitioners in the same way security awareness programs inform users on how to spot scams.

In closing, many of us are reminded to think about those in need because of the visibility of giving trees and toy collection efforts. As a result, we tend to do more during this season than we do throughout the year. Kelley expounds on the ways in which the industry can continuously work together to help those who are at the security poverty line and strengthen our systemic dependencies in order to ensure a more secure world. It was an inspiring conversation.

Now let’s take a look at what made industry headlines this week.

Dec. 10: National Cybersecurity News reported that users unknowingly fell victim to a phishing email containing malicious attachments, which led to the attack on the UK’s National Health Services earlier this year.

Dec. 9: The Hacker News reported, “At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices.”

Dec. 9: “Executives at the HIMSS Healthcare Cybersecurity Forum this week stressed that protecting an organization’s environment is a collaborative endeavor,” Healthcare IT News reported.

Dec. 8: An Ottawa, Ontario man, who was described as “the most prolific cybercriminal we’ve identified in Canada,” was indicted on charges of fraud and conspiracy, Krebs on Security reported.

Dec. 8: Illinois State University’s cybersecurity program is growing, promoting a new generation of cybersecurity experts to combat cybercrime.

Dec. 7: The Daily Swig reported, “A vulnerability in Jamf Pro, a popular mobile device management (MDM) platform for Apple devices, allowed attackers to stage server-side request forgery (SSRF) attacks on the application’s servers, security researchers at Assetnote have found.”

Dec. 6: According to Al Jazeera, “Global ransomware attacks increased by 151 percent in the first half of 2021 compared with 2020, Canada’s signals intelligence agency has reported, as hackers become increasingly brazen.”

Dec. 6: The Department of Homeland Security announced additional requirements for the transportation sector.

Dec. 6: CNET reported, “Cyberattacks grabbed headlines throughout 2021 as massive disruptions affected government agencies, major companies and even supply chains for essential goods like gasoline and meat.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
