It’s nearly October, and in the cyber industry, we all know what that means: Cybersecurity Awareness Month!
In 2022, Cybersecurity Awareness Month encouraged folks to see themselves in cyber, which gave RSAC the opportunity to connect with members of our community (Jaclyn Scott, Danielle Levin, Tanisha O’Donoghue, and Jenko Hwong) to hear the stories of how they found themselves in cybersecurity careers. (Side note: the RSA Conference 2024 Call for Submissions, so you too can share your story)
As CISA launched its “Secure Our World” campaign in the lead-up to Cybersecurity Awareness Month 2023, ransomware continued to plague victims from the Philippines Health Insurance Corporation to Sony and Johnson Controls. Because Johnson Controls is a government contractor, the Department of Homeland Security is investigating this particular attack to determine whether “sensitive physical security information such as DHS floor plans” may have been compromised. The threat of ransomware is real, making the need for users to recognize phishing even more critical.
That’s why the goal of this year’s campaign is to educate all Americans to improve their cyber hygiene by adopting what CISA calls four easy ways to stay safe online: Use strong passwords, turn on MFA, recognize and report phishing, and update software.
For more on how to prepare for a career in cybersecurity or advance your existing skillsets, visit our Library. Now let’s look at what else made headlines this week.
Sep. 29: Progress Software, the developers of MOVEit, issued fixes for eight vulnerabilities, one of which is a critical new vulnerability affecting “one of its flagship file transfer software products.”
Sep. 28: Dark Reading reported, “So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.”
Sep. 28: In the aftermath of the ransomware attack at Johnson Controls, the company has seen a 5.7% drop in shares.
Sep. 28: “Speaking at a first-of-its-kind Western Hemisphere Cyber Conference, Mayorkas warned that China’s prices are ‘too good to be true’ and that countries in Latin America face a difficult choice about accepting low-cost investments now in exchange for cybersecurity risks in the long term,” CyberScoop reported.
Sep. 27: An unnamed staffer who works for Senator Eric Schmitt reportedly told Reuters that 60,000 emails from 10 State Department accounts were among the data compromised when Chinese hackers breached Microsoft earlier this year.
Sep. 27: “KrebsOnSecurity has learned that Snatch’s darknet site exposes its ‘server status’ page, which includes information about the true Internet addresses of users accessing the website.”
Sep. 26: According to news from The Hill, the education sector is the fifth most targeted industry for data breaches.
Sep. 25: TechCrunch outlined what organizations need to know about the new Securities and Exchange Commission rules requiring reporting of cybersecurity incidents.