Weekly News Roundup January 10-14, 2022


Posted by Kacy Zurkus

One of the most exciting news stories I came across this week was in The Cybersecurity 202. Did anyone else well up with hope at the potential of what cybersecurity labels for consumer products could mean for the future of this industry? For years, I’ve listened to industry experts talk about risk mitigation strategies, but I feel like I’ve been in an echo chamber. Outside of my RSAC-focused world, few people seem to care about cybersecurity. For years, I’ve contended no technology investment will matter, and no legislation will change the course of action if people don’t actually care about protecting themselves, their devices, and their data.

And while I know that nutrition labels on our food have not curbed the gluttony of those who enjoy over-indulging, they do give people pause. Maybe, just maybe, a moment of pause will help to change consumer behavior and spending. Consumers demanding secure products could lead to a sizeable shift. Of course, that could also be my own misguided optimism, which my friend, Lisa Plaggemier, says we should all have this year (minus the misguided part).

Apparently, I’m not the only human with some misguided optimism. When Kim Kardashian asked her fans if they were into crypto, some mistook her investment news for financial advice and followed suit. Now Kardashian is facing a lawsuit alleging she misled her fans in promoting the cryptocurrency token. While the crypto-craze has many hopeful that their investments will amass great wealth, it’s important for people to be wary of scams.

In other fun news, Pwn2Own Vancouver 2022, run by Trend Micro’s Zero Day Initiative, will award more than $1 million in cash and prizes, and attendees can participate either virtually or in person at this year’s hybrid event.

Now let’s look at what else made cybersecurity headlines this week.

Jan. 14: Another massive cyberattack has knocked dozens of government websites offline in Ukraine.

Jan. 14: The continued use of end-of-life software is reportedly handicapping the Apache Software Foundation’s ability to quickly remediate security vulnerabilities.

Jan. 13: “BlueNoroff, an advanced persistent threat (APT) group that’s part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious cryptocurrency losses,” Dark Reading reported.

Jan. 13: Malicious actors are targeting Office 365 and Gmail users with images and PDFs designed in the Adobe Cloud suite.

Jan. 13: The Hill reported, “The rise in satellites, rockets and shuttles is creating an expanded attack surface. Just like transportation, energy, and other vital industries, space systems need protection.”

Jan. 12: The FCC reportedly has plans to amend existing data breach laws for telecom carriers.

Jan. 12: Wired reported, “NSO’s Pegasus malware was found on 37 devices belonging to 35 journalists and activists [in El Salvador] as recently as November of last year.”

Jan. 12: Krebs on Security takes an in-depth look at the initial access broker dubbed Wazawaka, who is alleged to be actively involved in many cybercrime forums, most notably the Russian-language community Exploit.

Jan. 11: CISA added 15 new security vulnerabilities to its list of vulnerabilities known to be used in attacks against government entities. According to Bleeping Computer, some are “as old as 2013.”

Jan. 11: Europol released a statement on the decision made by the European Data Protection Supervisor about how the agency should handle data subject categorization for large and complex datasets.

Jan. 10: The Hacker News reported, “Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple’s macOS operating system that could be weaponized by a threat actor to expose users’ personal information.”

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
