Weekly News Roundup September 16-20, 2024


Posted on by Kacy Zurkus

The fog of war has certainly had the intended effect of creating widespread paranoia this week after the devastating news about pagers and radios exploding in attacks against Hezbollah. It’s no surprise that many device owners in Lebanon and the world over are now concerned about their smartphones being weaponized. For those who are concerned, Tech Informed published a story to calm rising fear, uncertainty, and doubt.

While the ‘how’ of executing these attacks is still uncertain, cybersecurity experts are presenting what appears to be a unified perspective: these devices were not hacked. The Stack reported, “A "pure" cyberattack is pretty implausible.” Overwhelmingly, security experts agree that the most likely scenario is that these devices were tampered with at some point in the supply chain. According to Wired, executing or even recreating the scale and scope of such attacks, “would be prohibitively difficult to maintain over time for key consumer devices like smartphones—which are used so widely and regularly scrutinized by researchers, product testers, and repair technicians.”

To understand more about the cyber risks of geopolitics, visit our Library. Now let’s take a look at what else made industry headlines this week.

Sept. 20: The San Diego County Grand Jury issued a report applauding the San Diego County Office of Education (SDCOE) for their leadership in addressing cybersecurity issues in K-12 education.

Sept. 20: The Cybersecurity and Infrastructure Security Agency (CISA) announced the 2024 National Cybersecurity Virtual Career Fair being held on Friday, September 27.

Sept. 19: Members of Joe Biden’s campaign were reportedly offered stolen Trump campaign information and declined what Kamala Harris called, “unwelcome and unacceptable malicious activity.”

Sept. 19: Researchers at SpyCloud found that the rise in ransomware attacks is being driven by infostealer malware and digital identity exposure.

Sept. 19: Microsoft has revealed a ransomware strain called INC that has been targeting the healthcare sector in the US. 

Sept. 18: The FBI and their partners disrupted a Chinese botnet, freeing thousands of impacted devices from its clutches.

Sept. 18: Discord has launched a new protocol called Dave, which provides custom end-to-end encryption to help protect audio and video calls.

Sept. 17: “Google has patched a flaw in its Google Cloud Platform (GCP) that attackers could have exploited to execute a supply chain attack on millions of customer cloud servers,” Dark Reading reported.  

Sept. 17: Instagram is creating teenage accounts for those who are 16 and under, with new safety features including parental permission and contact restrictions. 

Sept. 16: A networking hardware maker, D-Link, announced patches for critical-severity vulnerabilities that could lead to remote code execution.

Sept. 16: The National Security Agency has launched its 11th annual Codebreaker challenge, offering students from the US a chance to explore real-world cybersecurity scenarios.

 

Contributors
Kacy Zurkus

Director of Content, RSAC
