Weekly News Roundup November 15-19, 2021


Posted by Kacy Zurkus

CISA and other government agencies continue to make headlines for their efforts to augment cybersecurity policies and procedures as a national security imperative. The rollout of new bills, though, trickles down to the private sector, particularly when it comes to the reporting of cybersecurity incidents and those vendors that contract with the federal government. It turns out, employees of both the public and private sectors want the federal government to do more, according to a new survey from Tripwire.

Indeed, malicious actors are doing more, particularly as the holiday shopping season gets underway. A quick glance at the headlines, though, does suggest that local and national news outlets are doing more to help consumers protect themselves against fraudsters, scammers and card-skimming attacks.

Learn more about topics that matter in policy and government by checking out these sessions from RSA Conference 2021: “Operational Collaboration: Enhancing Cyber Readiness” or “How Governments Can Promote a Secure 5G Ecosystem.” Readers can also explore the wide variety of educational content that is always available in our Library.

Now let’s look at cybersecurity headlines you might have missed this week.

Nov. 19: The FBI issued a flash alert disclosing that weaknesses in the FatPipe MPVPN networking devices have been exploited by previously unknown threat actors.

Nov. 19: According to news from Infosecurity Magazine, “Researchers have discovered 11 new malicious open-source packages using various advanced techniques to avoid detection on the popular PyPI repository.”

Nov. 18: Security Intelligence reported, “No insurance premiums saw greater growth in the second quarter of 2021 than those related to cybersecurity.”

Nov. 18: The University of Central Florida’s Collegiate Cybersecurity Competition Team again took home the first-place prize in the 2021 US Department of Energy CyberForce Competition, successfully beating out 119 other competitors.

Nov. 18: Two Iranian nationals have been charged with alleged involvement in a “cyber-enabled campaign to intimidate and influence American voters,” the Department of Justice reported.

Nov. 18: A scathing report from Wired alleged that Amazon has failed to adequately protect customer data.

Nov. 17: Global chip shortages are reportedly to blame for a delay in Singapore’s rollout of a satellite road toll system.

Nov. 17: Krebs on Security reported, “The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.”

Nov. 16: Bleeping Computer reported that the Emotet malware has returned after a near year-long hiatus.

Nov. 16: While reports of the hack on the Robinhood app initially claimed that the compromised data included email addresses and customer names, Vice reported that customer phone numbers were also among the stolen data.

Nov. 16: “Cybersecurity researchers say they have uncovered evidence that Belarus has been involved in a hybrid hacking and disinformation campaign against Eastern European NATO members since 2016 that aimed to sow discord in the military alliance, steal confidential information and spy on dissidents,” AP reported.

Nov. 15: Threatpost reported, “The FBI admitted on Monday morning that an attacker exploited a flaw in how an agency messaging system is configured: a flaw that let an unknown party send out a flood of fake ‘urgent’ warnings about bogus cyberattacks.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
