Weekly News Roundup June 14-18, 2021


Posted by Kacy Zurkus

Cybersecurity has been the focal point in conversations both nationally and abroad. President Biden met this week with Russian President Vladimir Putin and asserted that attacks on critical infrastructure should be off-limits. According to Reuters, Biden said, “We agreed to task experts in both our countries to work on specific understandings about what is off-limits… We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.” In a Today Show interview, NBC News analyst Jeremy Bash speculated that for the first time, the US and Russia could be looking at a cyber arms race.

The President was not the only one focused on cybersecurity talks this week. Senators are reportedly drafting legislation that would require both public and private entities to report a security breach within 24 hours, and the bill elaborates on rules and definitions related to the proposed requirement.

Senators are busy working on additional pieces of legislation to protect schools against cyberattacks. These efforts come a little too late for the University of Massachusetts Lowell, which canceled classes on Wednesday after a cybersecurity incident.

Let’s take a look at what else made industry headlines this week.

June 18: “Improving diversity in the cybersecurity industry by doing more to hire people from different backgrounds can help improve online defenses for everyone because it will enable information security teams to think about – and defend against – concepts and attack techniques they may not have considered before,” wrote ZDNet’s Danny Palmer.

June 18: In an effort to improve security at all levels of the supply chain, Google has proposed a new software supply chain framework.

June 17: “More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online,” Threatpost reported.

June 16: Speaking at the VivaTech convention in Paris, Apple CEO Tim Cook said new regulations proposed by the EU “would force side loading on the iPhone, and so this will be an alternative way of getting apps onto the iPhone,” which could potentially compromise product security.

June 16: Threat hunters at Kaspersky have warned that an Iranian APT dubbed Ferocious Kitten has long flown under the radar while it’s been silently conducting cyber-surveillance operations.

June 16: The Department of Justice announced, “A federal jury in Connecticut convicted a Russian national on Tuesday for operating a ‘crypting’ service used to conceal ‘Kelihos’ malware from antivirus software, enabling hackers to systematically infect victim computers around the world with malicious software, including ransomware.”

June 16: Ukrainian police, in collaboration with international law enforcement agencies, have arrested members of the Cl0p ransomware gang.

June 16: Proofpoint published research on the initial steps cybercriminals take in the lead-up to ransomware attacks.

June 15: In the aftermath of the ransomware attack on Colonial Pipeline, TSA is reportedly working on regulations to augment pipeline security.

June 15: The Loadstar reported, “Yet another ocean carrier has fallen foul to a cyber-attack: this time it is South Korea’s HMM, which today confirmed a virus attack on its email system on 12 June.”

June 15: Security researchers believe that multiple US entities were targeted in an act of cyberespionage by Chinese actors.

June 14: Space.com reported on the societal risks from artificial intelligence technologies after Microsoft’s President Brad Smith suggested, “Artificial intelligence could lead to an Orwellian future if laws to protect the public aren’t enacted soon.”

June 14: While Forbes Senior Contributor Patrick Moorhead said the Amazon Sidewalk service is misunderstood, Pivotal IT’s CEO John Sinderman told 7 News, “I think what they’re counting on is the laziness of the user because they figure they’re just not going to turn it off.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
