Weekly News Roundup November 29-December 3, 2021


Posted on by Kacy Zurkus

With only a few weeks left in the year, many are now focused on 2022. The RSA Conference team is excited to bring our community together in San Francisco February 7-10, and this week we had two major news announcements. The RSAC 2022 agenda is live, and we have an incredible lineup of keynote speakers who will be joining us on both the West and South Stages.  

CISA also named nearly two dozen members to its new Cybersecurity Advisory Committee, an impressive collection of distinguished leaders and industry influences across multiple sectors (some of whom you’ll see on the RSAC 2022 stage). In thinking about what public-private partnerships and collaboration mean to our industry while exploring this week’s headlines, I thought about Aeschylus’ Oresteia and the concept of justice. Many reports this week affirmed the good that can come from working together. We see the successes law enforcement is having with identifying malicious actors and bringing them to justice.

As the chorus sang in the Oresteia, the cybersecurity industry should also exclaim, “Cry sorrow, sorrow – yet let good prevail!” Here are a few examples of why: Krebs on Security reported that Nickolas Sharp, a former developer at Ubiquiti Networks, was charged with extortion for allegedly causing a data breach in 2020. The Department of Justice sentenced a Philadelphia man to seven years in prison for defrauding the IRS and running a fraudulent debt relief scheme. Bleeping Computer reported, “The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate.” Europol arrested 12 online fraudsters in a global counterfeiters operation. And, according to The Daily Swig, “The final member of an international hacking group known as ‘The Community’ has been sentenced for his role in a multimillion-dollar SIM-swapping campaign.” Yes, “let good prevail!”

For more information on the benefits of public-private partnerships and intelligence sharing, explore the educational content available in our Library.

Now, let’s take a look at what else made industry headlines this week.

Dec. 3: Facebook continues to struggle with combatting disinformation.

Dec. 3: “A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access,” The Hacker News reported.

Dec. 2: Though the CEO of the American Public Transportation Association (APTA) argued that imposing a uniform reporting mandate on critical infrastructure could negatively impact rail transit systems, the federal government has set forth two new cybersecurity requirements for critical passenger and freight railways.

Dec. 2: According to Threat Post, the highly sensitive clinical information of 400,000 Planned Parenthood patients was compromised in a ransomware attack.

Dec. 1: NBC News reported, “There’s just no longer any reason for regular people to pay for antivirus software for their personal devices.”

Nov. 30: Kristina Balaam, Senior Security Intelligence Engineer at Lookout, penned a blog about finding her niche in cybersecurity, noting, “Despite a lack of exposure to issues in computer security during my undergraduate education, I now work as a senior threat researcher tracking advanced persistent threats as they relate to nation-state actors and cybercriminal organizations.”

Nov. 29: Those hospitals that have been the victims of cyberattacks resulting in data breaches are now being hit with class-action lawsuits, with former patients alleging the institutions did not do enough to safeguard data.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

RSAC Insights

ransomware professional development & workforce fraud hackers & threats threat intelligence disinformation campaigns/fake news critical infrastructure PII cyberattacks

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community