Weekly News Roundup October 27 – November 1, 2019

Posted on by Kacy Zurkus

This was such an exciting week for me and the RSAC blog. I was able to attend the 2019 Security Congress hosted by our industry association partner (ISC)2. Keynote speaker, Captain “Sully” Sullenberger surely left an impression on the audience with his inspirational message of service above self. It wasn’t only the keynotes that touched upon the human factor, though. Many of the non-technical sessions looked at how to be a more effective leader and how to change negative habits to be more empowered at work.

Despite the powerful lesson on How to Break Up with Your Phone, I find I am failing miserably. Alas, the wheels of change turn slowly.

What is consistently changing, though, is the concern companies have for cybersecurity risk. The annual State of Enterprise Risk Management report published by ISACA found that enterprises worry more about cybersecurity risks than they do about reputational, financial operational, compliance and political risks. Here’s a quick overview of what else happened in cybersecurity this week.

Nov. 1: Google Chrome users are being urged to update their browsers to the latest version after Google released a patch for two serious vulnerabilities, one of which is reportedly being exploited in the wild.

Oct. 31: Supporters and critics of the question should the federal government mandate IoT security standards weigh in on how best to address security vulnerabilities in connected devices.

Oct. 31: Threatpost reported that Chinese-state sponsored attackers are targeting telecom networks and winnowing through SMS messages to find political dissidents.

Oct. 31: The well-known (and already indicted) Russian financier, Yevgeniy Prigozhin, is reportedly the strong arm behind the “coordinated inauthentic behavior” of illegal Facebook activity attempting to influence users in African countries.

Oct. 30: Researchers at McAfee Labs observed a new phishing campaign in which malicious actors left a voicemail message directing victims to enter their Office 365 login credentials.

Oct. 29: While charges against its employees were reduced, Coalfire’s CEO Tom McAndrew released a statement urging that charges be dropped against two employees who were performing a security test of some Iowa county courthouse and judicial buildings as part of a cybersecurity program.

Oct. 29: Tens of thousands of websites were defaced after the country of Georgia was hit with a vicious and seemingly politically motivated cyberattack.

Oct. 29: A survey of senior cybersecurity and risk management decision makers revealed that 83% of respondents believe 5G will impact their cybersecurity strategy, and 86% expect AI to have an impact as it continues to be integrated into core security functions. 

Oct. 28: After a slew of organizations have made headlines for unintentionally exposing data through misconfigurations in their cloud-based databases, Elastic’s James Spiteri spoke with ISMG about how to prevent big data leaks.

Oct. 28: Fortinet announced its acquisition of endpoint detection and response firm enSilo, suggesting that there will be more consolidation within the endpoint security industry.

Oct. 28: A new Ponemon Institute report commissioned by AttackIQ found that “nearly 4 in 10 IT security leaders (40%) do not report to the board at all, showing a clear lack of accountability. And 14% of IT security leaders only report to the board following a security incident.”

Oct. 27: Hackers aren’t backing down when it comes to attacking endpoints, which is why organizations should rank endpoint security as a top priority for 2020.

Kacy Zurkus

Senior Content Manager, RSA Conference

RSAC Insights

risk management Internet of Things phishing artificial intelligence & machine learning endpoint security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs