Weekly News Roundup March 1-5, 2021


Posted on by Kacy Zurkus

Last week, I mentioned that I wanted to carve out some time to learn more about Graham Ivan Clark, The Teenager Who Hacked Twitter and is facing more than 200 years in prison if found guilty of the 30 charges of election and computer fraud against him. The film was a gripping story of how this hacker came to be, starting with scamming players in Minecraft before discovering a subculture of SIM card scamming, one of many types of crimes anti-fraud experts are warning about during March, which is quite coincidentally Fraud Prevention Month.

To align with that effort, RSAC 365 is hosting a special Anti-Fraud webcast series on March 11, with a focus on how to stop cybercriminals, and a look at the challenges faced by fraud teams on March 18. You don’t want to miss either of those.

Now let’s take a look at what made industry headlines this week.

Mar. 5: US brokers are reportedly being targeting with phishing attacks, prompting the US Financial Industry Regulatory Authority (FINRA) to issue a warning about fake compliance and audit alerts.

Mar. 5: The Cybersecurity 202 reported on the results of a new study, The State of Cyber-Risk Disclosures of Public Companies, which found that publicly traded companies aren’t sufficiently informing investors about cybersecurity risks.

Mar. 4: SC Media reported, “As Black History Month drew to a close and Women’s Month began, BlackGirlsHack founder Tennisha Martin discussed with SC Media the barriers to diversity in the cybersecurity workforce and how a recent partnership with RangeForce will help the non-profit contribute to change.”

Mar. 3: Security firm, Qualys, revealed it had been the victim of a data breach after discovering attackers had exploited “a zero-day vulnerability in their Accellion FTA server.”

Mar. 3: Infosecurity magazine reported, “A security vendor discovered nearly 1.5 billion breached log-in combos circulating online last year and billions more pieces of personal information (PII), with password reuse and weak hashing algorithms commonplace.”

Mar. 2: Microsoft released software updates for four security vulnerabilities reportedly being exploited by Chinese cyber spies. CISA issued an advisory requiring all federal agencies to immediately apply the Microsoft patches.

Mar. 2: According to a new report from the Government Accountability Office, federal cybersecurity declined for many reasons, chief among them was the “lack of centralized cyber leadership at the White House,” The Hill reported.

Mar. 1: The reported September 27 ransomware attack on Universal Health Services resulted in a staggering $67 million loss for the health care provider, according to CyberScoop.

Mar. 1: A free online service called, “Cyber Action Plan,” is being offered by the National Cyber Security Centre to help small businesses defend against cyberattacks.

Mar. 1: Believed to be the result of an acrimonious lawsuit between The Sinking City game developers and the game’s publishers, an “illegal” version of the game was posted on Steam, prompting the developers to discourage folks from purchasing this version.  

Mar. 1: Security researchers at ZeroFox discovered that 16Shop, “a prolific phishing kit provider group … released a Cash App version of their phishing kit for $70.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

Hackers & Threats

hackers & threats ransomware cyber warfare & cyber weapons government regulations denial of service

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community