Weekly News Roundup September 27-October 1, 2021


Posted on by Kacy Zurkus

Welcome to fall. What was once green is turning yellow and brown. Leaves are falling. The mornings are darker. It’s colder. Only a few weeks ago, I was able to walk my daughter to school in shorts and a T-shirt. Now, I have to add layers to keep warm, and I am reminded that change is an unavoidable part of life.

While the cycle of changing seasons yields similar results each year—fall turns to winter, which gives birth to spring and eventually warms to summer—change isn’t always predictable. But Yahoo! has reportedly embraced change in order to improve employee cybersecurity awareness. Working in collaboration with Cybersecurity at MIT Sloan (CAMS), Yahoo’s security organization added a behavioral engineering team to understand how to change employee behavior effectively, and the results were pretty impressive.

In fact, I saw several headlines this week that reflect the RSA Conference 2022 theme of Transform. FedScoop reported on a proposed bill to establish a cybersecurity workforce rotational program that “would allow senior tech industry workers to enter government for a set period of time and grant government workers the ability to rotate among federal agencies.”

As evidenced by Yahoo!, private industry is looking at how to transform the way security teams, employees and boards view security. And the federal government is doing more than proposing legislation. CISA continues to build partnerships, and this week the agency announced that it would join forces with Girls Who Code to create more opportunities for young women to enter into the cybersecurity workforce. Apple has reportedly joined forces with Cyber Readiness Institute in an effort to augment cybersecurity programs for small businesses.

Joining forces can indeed inspire positive change. You can explore this idea, the theme of Transform and many other topics available in our Library. Now, let’s check out what other stories made cybersecurity headlines this week.

Oct. 1: Cybersecurity Awareness Month officially kicks off today with the theme of “Do Your Part. #BeCyberSmart.”

Oct. 1: AINonline reported, “The coalition of aviation stakeholders and the ICAO Assembly called for a Cybersecurity Action Plan that, among other things, would work toward a common baseline for cybersecurity practices and make cybersecurity a part of aviation security and safety systems.”

Sept. 30: “Communications provider Bandwidth says its network is back to ‘normal’ in the wake of a cyber attack,” WRAL TechWire reported.

Sept. 30: The National University of Ireland at Galway (NUI Galway) said that it was the target of an attempted cyberattack, though there is no evidence of any compromised data.

Sept. 30: A new report from AXA Future Risks revealed that cybersecurity ranked second behind climate change on a list of highest global risks.

Sept. 29: Reuters reported, “Russian authorities have arrested the chief executive of a leading Russian cybersecurity company on suspicion of state treason, a court said on Wednesday, sending a chill through Russia's IT and business sectors.”

Sept. 29: “A new report has identified significant vulnerabilities resulting from the misimplementation of Elastic Stack, a group of open-source products that use APIs for critical data aggregation, search, and analytics capabilities,” ZDNet reported.

Sept. 29: According to research from Intel 471, there has been an increase in cybercrime services, which provide attackers with the ability to capture one-time password tokens.

Sept. 28: New research revealed that a feature on the Apple AirTag could be abused.

Sept. 28: The Department of Justice announced, “A Texas man was sentenced to 70 months in prison today for conspiring to commit wire fraud, wire fraud and aggravated identity theft, in connection with a scheme to file false tax returns using stolen identities.”

Sept. 27: In an effort to help users detect mobile spyware, a startup called Malloc is building an anti-stalker app that “monitors the sensors and apps running on a phone — initially for Android only — to detect if the microphone or camera is quietly activated or data transmitted without the user’s knowledge,” TechCrunch reported. 

Sept. 27: A security researcher who felt Apple ignored him published vulnerabilities in the iPhone that remained unpatched, which reportedly prompted a response from Apple.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

