Weekly News Roundup October 22-27, 2023


Posted by Kacy Zurkus

Why CISA Matters

 

It’s often said that two things can be true at once. This week, there are many truths about the Cybersecurity and Infrastructure Security Agency (CISA) that made headlines—most concerning are reports of ongoing efforts to cut funding to the federal agency that was designed only five years ago to protect elections and critical infrastructure in the US. According to Federal News Network, “[CISA’s] role in helping to defend federal networks from cyber incidents has grown massively in recent years,” and there are continued expansion plans outlined in a report published by the Center for Strategic and International Studies.

  

CISA’s Ongoing Efforts

 

Despite looming skepticism and the question of how reduced future funding could impact the agency, CISA continues to work in collaboration with the private sector to achieve its mission of securing civilian government networks. This week, CISA published a cybersecurity tool kit with resources for the healthcare sector and resources to strengthen the supply chain of SMBs. The agency also awarded $6.8 million in funding for K-12 cyber education.

 

In prepared testimony for a hearing conducted by the US Homeland Security Committee on Cybersecurity and Infrastructure Protection, CISA’s Executive Assistant Director Eric Goldstein wrote, “for the first time, we have real-time visibility into vulnerabilities and misconfigurations across 102 agencies, allowing timely remediation before intrusions occur.” The agency is also working in collaboration with key stakeholders to publish a new version of the National Cyber Incident Response Plan framework, a mandate of the 2023 National Cybersecurity Strategy.

To learn more about the benefits of a “whole-of-the-nation” approach to improving national cybersecurity, read Reimagining Public Private Partnerships: Minimizing Systemic Risk and Transforming National Cybersecurity Resilience.

 

What Else Made Headlines This Week

 

Oct. 27: Congratulations go out to Germany for taking first place in the 2023 European Cybersecurity Challenge.

  

Oct. 27: ISC2 hosted its annual Security Congress this week, where many industry leaders opined on the ways that Generative AI can enhance security.

  

Oct. 26: “Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS),” The Hacker News reported.

  

Oct. 26: An opinion piece, penned by Stephen Gorham, COO, OPSWAT, in Dark Reading examines the impact a government shutdown would have on cybersecurity.

  

Oct. 26: CPO Magazine reported, “Leading insurer Lloyd’s of London has issued a dire warning about a potential cyberattack scenario on one of the world’s major payments systems, estimating that the global cost would total about $3.5 trillion and that much of the recovery cost would not be covered by insurance policies.”

  

Oct. 26: WSAV in Savannah, Georgia reported that cyber abuse, including stalking, harassment, doxxing, and sextortion, has become the latest form of domestic violence.

   

Oct. 25: According to South China Morning Post, “China has introduced regulations to step up the protection of minors in cyberspace, in an attempt to fend off risks ranging from internet violence to addiction.”

  

Oct. 25: RTX, the company formerly known as Raytheon, sold its cybersecurity, intelligence, and services division to an unnamed buyer for $1.3 billion.

  

Oct. 25: Students at universities across the country that are part of the Consortium of Cybersecurity Clinics are providing pro-bono services “to local organizations that may be struggling with high volume cyber threats and do not have the proper resources or training.”

  

Oct. 24: “Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens of websites, exposing people to credential theft, financial fraud, and other cybercriminal activity,” Dark Reading reported.

  

Oct. 23: The District Attorney’s Office in Orange County, California experienced a cybersecurity breach that was quickly isolated to minimize impact.

  

Oct. 23: CyberScoop reported, “A breach of Washington, D.C. voter data may have been broader than initially understood and may have included the entire voter roll, the District of Columbia Board of Elections said in a statement Friday.”

  

Oct. 23: Hamas used the messaging app Telegram to distribute an app, which reportedly enabled researchers at Recorded Future to discover a link between the Iranian government and the militant Palestinian group.

   

Oct. 22: Cyber scams continue to bamboozle victims, mostly those from China who, in looking for work, are lured into scam compounds throughout Southeast Asia.

 

Contributors
Kacy Zurkus

Director of Content, RSAC
