A fresh wave of threats and vulnerabilities made headlines in the first week of July. While those in the US eagerly anticipated their July 4 celebrations, the week was filled with attention-grabbing stories, ranging from a critical vulnerability discovered in Apache HTTP Server 2.4.60 to a new Intel CPU attack that could potentially leak sensitive data.
Most notably, multiple news outlets reported on the Supreme Court ruling on Chevron doctrine, which could have an unexpected trickle-down impact on the future of cybersecurity regulation. Many have proposed that the decision “has the potential to weaken or substantially alter all federal agency cybersecurity requirements ever adopted,” and a blog post from Axios suggested, “It's a nail in the coffin for an executive branch-led strategy that attempted to require many organizations to practice basic cybersecurity via new interpretations of existing law.” The reality is that it will take some time to truly understand the depth of the impact, but it’s likely a conversation that Chief Information Security Officers (CISOs) and business leaders will frequently engage in over the coming weeks and months.
To learn more about what is front of mind for CISOs, visit our Library, where you can find new content posted year-round.
Now let’s take a look at what else made cybersecurity headlines this week.
Jul. 5: The Federal Trade Commission is offering grants to K-12 schools in order to address cybersecurity issues as part of a Schools and Libraries Cybersecurity Pilot Program.
Jul. 5: Vinted, an online second-hand sales platform, has been fined $2.3 million for not complying with data protection regulations.
Jul. 4: Twilio is suffering a breach after hackers leaked 33 million random phone numbers using Twilio’s two-factor authentication app, Authy.
Jul. 4: “A global operation led by the National Crime Agency (NCA) of the United Kingdom, dubbed Operation Morpheus, has struck a significant blow against 593 servers of Cobalt Strike, a legitimate penetration testing tool, to conduct cyberattacks,” Candid Technology reported.
Jul. 3: According to The Hacker News, “Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver.”
Jul. 3: The Student Fellows Program at Indiana University at Bloomington will help to prepare students for cybersecurity careers.
Jul. 2: Splunk released patches for three “high severity issues” in its enterprise and cloud platform.
Jul. 2: Security researchers discovered a supply chain attack in CocoaPods, an open source dependency manager, that potentially makes “almost every Apple device” vulnerable.
Jul. 1: According to Infosecurity Magazine, “The EU Commission has informed Meta that its ‘pay or consent’ model breaches EU law as it does not allow users to freely consent to their personal data being collected for advertising purposes.”
Jul. 1: An Anchorage man was convicted of cyberstalking a woman for over four years.
Jul. 1: Security researchers at Qualys reported a vulnerability in OpenSSH’s server that potentially allows unauthenticated remote code execution.