Weekly News Roundup July 8-12, 2024


Posted on by Kacy Zurkus

Like many of you readers, I too have signed up for the Cybersecurity and Infrastructure Security Agency’s (CISA) newsletter. While many of the breach or vulnerability notifications are informative, not all of them give me pause. But pause I did when I saw today’s news that AT&T disclosed a breach of customer data. Upon further investigation, it appears hackers accessed the data of approximately 95 million customers, including some people’s swiped location data.

The security of cyber-physical systems is increasingly front of mind for security teams and government entities alike. According to Manufacturing.net, “The industrial sector has seen increasingly sophisticated and destructive attacks. From manufacturing facilities to industrial control systems, cybercriminals recognize that companies in this sector are particularly vulnerable, and potentially lucrative targets due to their indispensable role in supply chains and critical infrastructure.” 

Given the increased risks to biosecurity, Health Policy Watch, an independent global health reporting publication, highlighted recent guidance published by the World Health Organization.

How do we best address the growing security concerns of connected devices? Pipeline recognized that there is no single entity responsible for securing these cyber-physical systems, but, “A number of key acts and regulations have been rolled out by government institutions and regulators to enhance IoT device security within their respective markets.”

Have ideas or guidance on securing cyber-physical systems that you’d like to share with the RSAC community? Submit a topic for consideration or keep the conversation going on your social channels using #RSAC.

Now let’s take a look at what else made industry headlines this week.

Jul. 12: Boston Dynamics' robot, Atlas, has reportedly already mastered the art of manipulating its surroundings and completing menial tasks.

Jul. 11: The Hacker News reported, “Spanish language victims are the new target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT.”

Jul. 11: A new threat actor, Crystalray, is using an arsenal of open source software to steal credentials.

Jul. 10: Moody’s report warned that GenAI deepfake political content could present risk and undermine US institutional credibility.

Jul. 10: The National Security Agency (NSA) released their final Zero Trust Pillar Report that outlines how to detect and respond to cyberthreats in a timely manner.

Jul. 9: The City of Philadelphia revealed that over 35,000 individuals' personal and protected health information was impacted after their breach incident last May.

Jul. 9: The Justice Department announced they seized 968 social media accounts used by Russian actors to create an AI-enhanced bot farm that spread disinformation in the US and globally.

Jul. 8: CISA held their first Open Source Software Security Summit in March to help drive security improvements, and they have released the latest iteration of initiatives in a framework to “drive visibility in oss usage and risks.”

Jul. 8: According to a Cybernews investigation, almost 10 billion passwords have been exposed on a popular hacking forum.


Contributors
Kacy Zurkus

Director of Content, RSAC
