Weekly News Roundup May 25-29, 2020

Posted on by Kacy Zurkus

Friday came quickly on this first short workweek of the summer. Hopefully, as we approach the Fourth of July, we’ll be able to partake in larger celebrations. But holidays aren’t the only thing to celebrate, especially for those students who are part of UVA’s student Cyber Defense Team. On May 23, the team won its third national championship title at the National Collegiate Cyber Defense Competition, a competition sponsored by Raytheon Technologies.

Apparently, college students aren’t the only group being challenged to showcase their cybersecurity talents. Mississippi Senator Roger Wicker is pressing the White House to incentivize the private sector to ramp up their efforts to address COVID-19-related security challenges with prize competitions. Wicker was also part of a larger effort to establish the Cyber LEAP Act of 2020, which “establishes a national series of Cybersecurity Grand Challenges so that the country can ‘achieve high-priority breakthroughs in cybersecurity by 2028,’ ” CSO Online reported.

One more noteworthy festivity that’s forthcoming: Canada will be celebrating the top 20 women in cybersecurity. We know the week has been filled with other headlines competing for your attention, so here’s a look at some that you might have missed.

May 29: The National Security Agency published an alert warning that Russian actors have been “exploiting a vulnerability in Exim Mail Transfer Agent (MTA) software since at least August 2019. … The cyber actors responsible for this malicious cyber program are known publicly as Sandworm team.”

May 29: The American Civil Liberties Union (ACLU) has filed a lawsuit against Clearview AI “for amassing a database of biometric face-identification data of billions of people and selling it to third parties without their consent or knowledge,” Threatpost reported.

May 28: “The Accreditation Body (AB) that is overseeing the program—known as Cybersecurity Maturity Model Certification (CMMC)—has released new videos and requests for information that shed light on how assessors will be trained and credentialed,” FedScoop reported.

May 28: Cisco announced that it acquired the software firm ThousandEyes in its continued effort to expand the company’s cloud-based software offerings.

May 28: GitHub’s Security Lab reported, “On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself.”

May 28: Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, delivered a TED Talk on the increasing concerns of stalkerware.

May 27: Google has reportedly seen a spike in state-backed hackers using Gmail accounts to spoof the World Health Organization, targeting financial services and healthcare industries with phishing attacks. 

May 26: In a joint effort to develop a series of exercises and prevention campaigns to combat growing cyberthreats across the EU, “Europol’s European Cybercrime Centre (EC3) signs a Memorandum of Understanding (MoU) with Capgemini, a global leader in consulting, technology services and digital transformation.”

May 25: The Hill reported, “Cash-short state and local governments are pleading with Congress to send them funds to shore up their cybersecurity as hackers look to exploit the crisis by targeting overwhelmed government offices.”

Kacy Zurkus

Senior Content Manager, RSA Conference

hackers & threats professional development & workforce privacy

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs