Weekly News Roundup March 28-April 1, 2022


Posted on by Kacy Zurkus

News that hackers were able to gain subpoena power by sending fraudulent emergency data requests to tech companies and social media firms was, unfortunately for Apple Inc. and Meta Platforms Inc., not an April Fool’s joke. According to the Bloomberg report, “Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$.”

Also significant this week was news that a Texas judge ruled in favor of allowing a class-action lawsuit against not only SolarWinds but also its executives and investors, excluding former CEO Kevin Thompson, whom the court ruled could not be held personally liable because “shareholders have not provided sufficient evidence that the former CEO acted knowingly to deceive investors about the company’s security posture.”

In some good news, the FBI led a global campaign, Operation Eagle Sweep, to curb business email compromise, which resulted in the arrest of 65 alleged cybercriminals across the globe.

To learn more about business email compromise, explore the educational content available in our Library. Now let’s take a look at what else made cybersecurity headlines this week.

Apr. 1: “In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines,” ZDNet reported.

Apr. 1: New legislation to protect against money-laundering in cryptocurrency is underway in the EU.

Mar. 31: CyberScoop reported, “The malware used Feb. 24 to hobble thousands of modems as an effort to disrupt Ukrainian communications networks might be a wiper delivered via a supply-chain attack, according to threat intelligence researchers with SentinelOne.”

Mar. 31: Experts are reportedly concerned about the lag in cybersecurity for the automaker industry, given the rapid rate of technology adoption that has transformed modern vehicles.

Mar. 31: The Record reported, “Army Maj. Gen. Maria Barrett was approved by voice vote to be the next chief of Army Cyber Command and become a three-star general. The promotion will make her the first woman to lead the organization since it was established in 2010.”

Mar. 31: Western companies that continue to do business with Russia could be the target of Anonymous, according to a Twitter post by the group’s alleged affiliates. 

Mar. 30: The Better Cybercrime Metrics Act, intended to aid law enforcement agencies in identifying and dealing with cybercrime, passed in the House with a 377-48 vote. 

Mar. 30: While it’s important to remember that MFA is a critical element of any security strategy, Wired reported, “suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.”

Mar. 29: Europol reported that more than 100 people believed to be involved in a multi-million euro call centre scam were detained by police in Latvia and Lithuania.

Mar. 29: A critical vulnerability in a Sophos firewall product is being actively exploited.  

Mar. 28: “An Estonian man has been sentenced to over five years behind bars for his role in a wide-ranging online fraud and ransomware campaign,” Infosecurity Magazine reported.

Contributors
Kacy Zurkus

Director of Content, RSAC

Hackers & Threats

business continuity & disaster recovery platform integrity secure payments & cryptocurrencies secure payments & cryptocurrencies legislation firewalls policy management exploit of vulnerability VPN cyberattacks risk management

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs