Weekly News Roundup May 20-24, 2024

Posted on May 24, 2024 by Kacy Zurkus

At its core, cybersecurity is information security—the protection of data, a practice which Karl Maria Michael de Leeus and Jan Bergstra in the book The History of Information Security: A Comprehensive Handbook, contend dates back to ancient times.

Time has marched on, technology has evolved, and so too has the need for Digital Trust Commitments from organizations who rely upon the collection of customer data to inform business strategies and practices. As a result, data protection is no longer solely about securing the “crown jewels” of the organization but is also in large part about protecting privacy.

Kate O’Flaherty, cybersecurity and privacy journalist for Forbes, opined on the privacy implications of the newly launched ChatGPT-4o, noting, “ChatGPT has already made waves in Europe because its policies were previously contrary to the EU General Data Protection Regulation (GDPR).”

During an interview with Harvard Magazine, Bruce Schneier was asked about AI regulations and the impact on data protection policies. Schneier pointed out that, “the EU is very much the regulatory superpower on the planet, and they have a comprehensive data privacy law.” Whether the US will follow suit remains to be seen, but Schneier doesn’t seem optimistic. “Things have to change,” he said. “Right now, money and politics and the power of the tech companies, those are great enough that we’re not going to see reform.”

To learn more, explore RSAC 2024 sessions from the Privacy & Data Protection, currently available On Demand, or visit our Library where you can find new content posted year-round.

Now let’s take a look at what else made industry headlines this week.

May 24: Google released an emergency security update to fix the eighth zero-day vulnerability this year.

May 23: The Record reported, “A requirement for the Pentagon to commission an independent study on the creation of a U.S. Cyber Force was added late Wednesday to the House version of the defense policy bill.”

May 23: “National Records of Scotland (NRS) revealed that sensitive personal data it holds was accessed and published as a result of the ransomware attack on NHS Dumfries and Galloway,” Infosecurity Magazine reported.

May 23: Academics have suggested Apple's Wi-Fi Positionong system (WPS) can be abused by cybercriminals to spy on people around the globe.

May 22: A critical vulnerability found in Netflix’s Genie big data orchestration allowed for the potential of remote code execution.

May 22: Advanced Research Projects Agency for Health (ARPA-H) announced the US is investing $50 million to help secure hospitals against cyberattacks.

May 21: A new campaign known as, CLOUD#REVERSER, is leveraging legitimate cloud storage services to stage malicious payloads.

May 21: Family offices have become lucrative targets for cybercriminals to attack.

May 20: Reuters reported, “Intercontinental Exchange Inc (ICE) will pay a $10 million penalty over cyber intrusions.”

May 20: US officials warn a cell network flaw, known as SS7, is being exploited to spy on Americans.

Contributors

Kacy Zurkus

Director of Content, RSAC

RSAC Insights

data security privacy Artificial Intelligence / Machine Learning zero day vulnerability ransomware exploit of vulnerability disinformation campaigns/fake news

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.