Whether it was malware or a DDoS attack, this week saw news stories reporting on a slew of cyberattacks that included disabling WiFi, stealing accounts from YouTube creators, and taking down government sites in Norway. Additionally, Ars Technica reported, “Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked.”
Reading the headlines this week, I noticed a strong undercurrent of uncertainty undulating. It was hard not to be overwhelmed by FUD, which ranged from suggestions of mass resignation, the threat of layoffs resulting from a recession, or the fear that quantum hacking is the next big threat.
I have to admit, when I read that the LockBit operators “introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million,” I felt the world might have gone topsy-turvy. Then I stumbled upon this story that showcases all that state governments have done thus far to address cyberthreats, and I was reminded that Rome wasn’t built in a day.
Another positive reminder from Venture Beat: “Anyone with a degree in cybersecurity is likely to be in high demand.” So if you’re interested in pursuing a degree, check out these top 10 cybersecurity colleges.
Yes, this week’s headlines were starting to suffocate my optimism until I stumbled upon this article penned by Rob Gurzeev in Security Magazine. Gurzeev wrote, “I attended the 2022 RSA Conference (RSAC) last month and am pleased to see that our industry remains robust and innovative and continues to percolate new ideas to solve persistent challenges.” Praise be!
So, try to keep that thought in mind as you review what else made industry news this week.
Jul. 1: “Surveyed healthcare cybersecurity leaders reported leveraging multifactor authentication (MFA), identity and access management, and privileged access management (PAM) solutions in hopes of lessening the likelihood of a cyber insurance premium hike.” Health IT Security reported.
Jul. 1: Leading cybersecurity experts question the findings in Microsoft’s report, Defending Ukraine: Early Lessons from the Cyber War.
Jun. 30: Dark Reading reported, “So far this year, a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild, according to an analysis – and half of those were preventable flaws.”
Jun. 29: The Transportation Security Administration announced that it would extend the time for reporting cyberattacks imposed after the Colonial Pipeline Co. hack in 2021.
Jun. 29: The 2022 CWE Top 25 Most Dangerous Software Weaknesses, published by CISA and MITRE, showed that “Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities,” according to Security Week.
Jun. 28: The Hacker News outlined some of the top threats to mobile security in 2022.Jun. 27: Data breaches are not the only way that cybercriminals steal credit card details, according to a post from WeLiveSecurity.