Weekly News Roundup January 29 - February 2, 2024


Posted by Kacy Zurkus

This week, the RSA Conference team was excited to inform submitters that their sessions have been selected for RSA Conference 2024. We had a record number of inbound submissions (more than 2,700); however, we can place fewer than 10% of those across the whole agenda. The competition was fierce. Understandably, many aspiring speakers, whether first-time submitters or veterans of the RSAC stage, experienced a rollercoaster of emotions after receiving their notification letters.

While it may not mitigate the sting of a decline, it’s important to know that the submission review process is designed to ensure objective review of every session so that we can eliminate the risk of human bias. Our Program Committee members, who are a richly diverse representation of gender, age, experience, race, ethnicity, and geography, begin working on the ideal track design before submissions come in. They bring these ideas with them to their initial review process to identify the topics that align with their expectations, but they also look for the unique abstracts that fill the gaps in the overall arc of their tracks. It is the abstract and session details that elevate the status of a submission.

There are 24 tracks represented across the agenda, and each track has anywhere from three to five reviewers. Sessions are evaluated by multiple tracks to ensure each is given the greatest chance to be selected. In the end, though, it all comes back to my least favorite subject in high school: Math. In years past, the Hackers & Threats track has assessed nearly 400 submissions and was tasked with whittling that down to only 20 selected sessions.

More than anything, we love to amplify the voices of the members of our community, and our RSAC 365 Cybersecurity Learning Program affords us the opportunity to feature more subject matter experts as guests on webcasts, podcasts, and seminars. Share your expertise here and explore our Library of new content posted year-round.

Now let’s look at what else made cybersecurity headlines this week.

Feb. 2: The Hacker News reported, “Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide.”

Feb. 2: A cybersecurity matter has caused network outages at Lurie Children’s Hospital in Chicago for two days.

Feb. 1: Cloudflare confirmed that they experienced a security incident on November 23, 2023, noting, “Even though we understand the operational impact of the incident to be extremely limited, we took this incident very seriously because a threat actor had used stolen credentials to get access to our Atlassian server and accessed some documentation and a limited amount of source code.”

Feb. 1: A threat group dubbed Commando Cat is running a malware campaign that acts as a credential stealer, backdoor, and cryptocurrency miner all in one, making it a highly stealthy and malicious threat.

Jan. 31: In Fulton County, Georgia, a cybersecurity incident caused widespread system outages that impacted the county jail and allegedly resulted in the mistaken release of a murder suspect.

Jan. 31: A financially motivated threat actor known as UNC4990 is weaponizing USB devices as an initial infection vector to target organizations in Italy, with attacks on multiple industries including health, transportation, construction, and logistics.

Jan. 31: Recorded Future reported, “President Joe Biden would veto a congressional attempt to overturn a Securities and Exchange Commission rule that requires companies to inform investors about cybersecurity incidents.”

Jan. 31: Several US officials testified at a Senate Judiciary Committee to expound upon threats to US critical infrastructure from China and the steps that have been—and still need to be—taken to defend against an unexpected attack.

Jan. 29: Venture Beat reported, “Nightshade, a new, free downloadable tool created by computer science researchers at the University of Chicago which was designed to be used by artists to disrupt AI models scraping and training on their artworks without consent, has received 250,000 downloads in the first five days of its release.”

Jan. 29: “A prolific dark web drugs vendor has pleaded guilty and agreed to forfeit $150M, the largest single seizure ever taken by the US Drug Enforcement Administration (DEA),” Infosecurity Magazine reported.

Contributors
Kacy Zurkus

Director of Content, RSAC

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSAC™ Conference, or any other co-sponsors. RSAC™ Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

