Weekly News Roundup January 30–February 3, 2023


Posted by Kacy Zurkus

As I plan for the RSAC 365 Half-Day Virtual Seminar in June on the topic of supply chain with our program chair, Shamla Naidoo, one idea that persists in the many tentacles of the supply chain is that the foundation of supply chain security must be established by building trust.

It is from this perspective that I read several pieces on establishing trust in the cybersecurity industry. An Atlantic Council blog opined about ways that the public and private sectors could build a community of trust. VentureBeat reported, “enterprises trust hardware-based security over quantum computing.” Certainly, news that the US and its allies are “broadening the Abraham Accords” affirms that there is international interest in building trust and strengthening relationships. But, among the many ideas articulated this week, I appreciated a book review written in The Enterprisers Project, as it proclaimed, “Cybersecurity is a central aspect of trust.”

For more on everything from digital trust to zero trust, explore the content available in our Library.

Now let’s take a look at what else made industry headlines this week.

Feb. 3: As ChatGPT grows more popular, many question whether the chatbot poses cybersecurity threats.

Feb. 3: A 27-year-old US man has been charged with commodities and wire fraud for allegedly swindling $110 million in cryptocurrency, Infosecurity Magazine reported.

Feb. 2: “A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction,” according to BleepingComputer.

Feb. 2: The former Ubiquiti employee who was charged with an insider attack on his employer pled guilty to charges, Recorded Future reported.

Feb. 1: According to The Daily Swig, Peter Geissler, an independent security researcher, decided to release “a zero-day remote code execution (RCE) chain of vulnerabilities affecting Lexmark printers after claiming the disclosure reward he was offered was ‘laughable’.”

Feb. 1: “Rapid7 Inc, the cybersecurity firm that hired Twitter Inc whistleblower Peiter Zatko last month, is exploring options that include a possible sale after attracting acquisition interest,” Reuters reported.

Jan. 31: The Hacker News reported, “A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.”

Jan. 30: The Cybersecurity and Infrastructure Security Agency is exploring ways to work with the private sector to help corporations strengthen their cybersecurity postures.


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference
