Weekly News Roundup September 11–16, 2022


Posted by Kacy Zurkus

I remember when Apple’s Think Different campaign took over billboards in the late 90s. My former English teacher was aghast at the tech giant’s blatant disregard for the rules of grammar. “It should be Think Differently,” she declared with consternation, fearful that the advertising campaign would lead to the demise of the -ly adverb. This was before the birth of social media platforms, which we know have enormous power to shape the way that people think.

Now it’s not billboards but Twitter, Facebook, and TikTok that are influencing people’s thoughts, and I’m the one who is fearful of people being misled. My brother is a big fan of TikTok and sends me video clips on the regular. While I enjoy watching them, I’ve never downloaded the app for several reasons—not least of which is my concern that these platforms are littered with disinformation.

I thought I was an anomaly until I read a public service announcement posted by InfoSec Evangelist Brian Roberts, who advocated, “you can watch TikTok videos without downloading the app and contributing to this problem.” The problem, as outlined in an opinion piece in The Hill, scribed by Gordon Chang, is the Chinese Communist Party’s ability to collect the personal data of the vast majority of American adults, and TikTok has not committed to stymieing the flow of US user data. I appreciate Roberts’s efforts to enhance security awareness. Toward that end, I also found great value in a new series of videos, Cyber Tricks Revealed, intended to help users understand the tactics and techniques of cybercriminals.

To learn more about security awareness and how to address the growing challenges of disinformation campaigns, check out the Hugh Thompson Show from RSA Conference 2022 and explore other content available in our Library.

Now let’s look at what else made industry headlines this week.

Sep. 16: Infosecurity Magazine reported, “Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns.”

Sep. 15: Uber is investigating a breach believed to be the work of an 18-year-old who reportedly “sent a text message to an Uber worker claiming to be a corporate information technology person.”

Sep. 15: Bleeping Computer reported, “The Zoom video conference platform was down and experienced an outage preventing users from logging in or joining meetings.”

Sep. 14: Fraud investigators have discovered incredibly thin card skimming devices used in ATM machines in and around New York City, according to Krebs on Security.

Sep. 14: The Hacker News reported, “A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.”

Sep. 14: The Director of the Office of Management and Budget issued a memo requiring federal agencies to “use third-party software that complies with National Institute of Standards and Technology (NIST) guidelines.”

Sep. 13: The Record reported, “The legislature of Argentina’s capital city announced a ransomware attack this week, saying that its internal operating systems were compromised and WiFi connectivity was down.”

Sep. 13: The problem of cyber-slaves reported by Al Jazeera in August is believed to be proliferating across Asia, with criminals leveraging Telegram to traffic human beings into cyberscamming, according to news from ProPublica.

Sep. 13: CyberScoop reported, “Six current and former social media executives will testify before the Senate Homeland Security Committee Wednesday at a hearing that committee officials say will focus on how algorithms and targeted ads can amplify harmful content and threaten homeland security.”

Sep. 12: Allie Mellen, Senior Analyst at Forrester, shared the formative moment that kept her in cybersecurity with SC Magazine.

Sep. 12: The FBI published a private industry notification highlighting an increased risk to healthcare facilities because of a growing number of both unpatched and outdated vulnerabilities in medical devices.

Sep. 12: “iOS 16’s flashiest new feature might be the new lock screen, but tucked away inside the update are a handful of privacy and security enhancements that can help bring peace of mind, including tools to prevent spyware, replace passwords, and help protect against domestic abuse,” Wirecutter reported.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
