Weekly News Roundup January 31-February 4, 2022


Posted by Kacy Zurkus

In what was probably some much-needed comic relief this week, late-night host Stephen Colbert created a “misinformation playlist.” Yes, Spotify and the Joe Rogan podcast continued to make headlines, as a slew of high-profile artists followed Neil Young’s lead in demanding their content be removed from Spotify’s platform.

Let’s not forget that misinformation and disinformation campaigns are not exclusive to the pandemic. According to news from Infosecurity Magazine, the United States accused Russia of employing a disinformation campaign to “serve as a pretext to an invasion of Ukraine.” Though the Spotify controversy is primarily concerned with the spread of misinformation related to COVID-19 vaccines, it has raised awareness about the real threat of misinformation in our digital age. It has also called upon private companies to play an active role in how misinformation is handled. In one news story, the World Economic Forum explored how to combat COVID-19 misinformation. While recognizing that social media platforms play an obvious role in tackling the dissemination of falsities, addressing the problem “requires more than just the tech giants and everyone has a role to play – from policy-makers to community leaders and individuals.”

As we reflect on the role that each of us plays in seeking and sharing the truth, let’s take a look at what else made cybersecurity headlines this week.

Feb. 4: “Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries,” Bleeping Computer reported.

Feb. 4: QR codes are proving profitable for scammers who are reportedly using them to steal money from unsuspecting victims.

Feb. 3: Security Week reported, “Blockchain bridge Wormhole has confirmed that roughly $320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday.”

Feb. 3: Cloudflare launched its public bug bounty program, which supplants its previously launched program that was by invitation only.

Feb. 3: Cybercriminals have taken a liking to LinkedIn, leveraging “a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands,” Krebs on Security reported.

Feb. 2: After an independent hacker was a victim of a targeted hacking campaign by North Korea, the man retaliated by exploiting “numerous known but unpatched vulnerabilities in North Korean systems.”

Feb. 1: Fans and athletes traveling to the 2022 Winter Olympics are advised to leave their personal phones at home and instead carry a temporary phone, according to an alert issued by the FBI.

Feb. 1: “An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason,” The Hacker News reported.

Jan. 31: Cyberattacks on public schools continue to grow across the United States.

Jan. 31: “According to a new analysis of these attacks by incident response provider Mandiant, one in seven of those extortion incidents exposes sensitive operational technology (OT) information stolen from industrial victims in the attacks,” Dark Reading reported.

Jan. 31: Cybereason has reportedly filed paperwork with US regulators, suggesting the company will soon go public with an IPO.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

