Weekly News Roundup September 18-22, 2023


Posted on by Kacy Zurkus

I have two cats. As I am with my paper towels (I only buy Viva), I am quite particular about my cat litter, which is why the data breach at Clorox was disappointing news as I am awaiting my next shipment of Scoop Away cat litter, which will apparently be delayed.

 

Understanding that every organization is constantly under threat, I can assure the parent company of Scoop Away that from a consumer perspective, this incident will not tarnish your brand’s reputation for me. Rather, I’m delighted to read, “We expect to begin the process of transitioning back to normal automated order processing the week of Sept. 25, and we have already resumed production at the vast majority of our manufacturing sites.”

 

Cyberattacks and security incidents are the norm, and whilst they might disrupt operations temporarily, resulting in frustration for some, this is what Gentry Lane, CEO and Founder of ANOVA Intelligence calls the ‘real’ concept of cyberwar.

 

“In its most extreme condition, it will throw the economy and social order into chaos, forcing the entire country into a survival mode that no one is prepared for. Or, less extreme, the conveniences of Western life will be frustratingly unstable,” Lane wrote in a Forbes Technology Council post.

 

For insight on how public/private partnerships can help mitigate risk and minimize the impact of a cyberattack, watch: Ransomware: From the Boardroom to the Situation Room or explore the RSAC Library for a wide array of content on business continuity and disaster recovery

 

Now here’s a look at what else made industry news this week.

 

Sept. 22: "A US government contractor working as an IT administrator at the State department is facing a maximum penalty of death or life in prison after being arrested on serious espionage charges," Infosecurity Magazine reported.

Sep. 21: CNN reported, “Major US voting equipment manufacturers are enlisting cybersecurity experts to provide additional stress-tests of their systems as the 2024 election looms and misinformation remains rife with American voters.”

Sep. 21. Cisco announced it will acquire Splunk in a cash deal valued at $28 billion.

Sep. 20: Cyber Avengers, a pro-Iranian attacking group, has allegedly been attacking the infrastructure of Israeli Railways since 2020.

Sep. 20: Security Week reported, “Authorities in Finland and Europol on Tuesday announced the seizure of Piilopuoti, a drugs marketplace operating on the Tor network since May 2022.”

Sep. 19: AP reported, “The International Criminal Court said Tuesday that it detected “anomalous activity affecting its information systems” last week and took urgent measures to respond. It didn’t elaborate on what it called a “cybersecurity incident.”

Sep. 19: In the three years since the Cyberspace Solarium Commission released its recommendations for improving cybersecurity, approximately 70% of its recommendations have been implemented or are in the process of being implemented.

Sep. 19: “Telecommunications providers across the Middle East are being targeted with a new malware family that researchers are calling “HTTPSnoop”, The Record reported.

Sep. 19: More than 700 retail companies experienced data leaks between December 2019 and July 2023, reportedly making the retail industry the third highest sector to have leaked client data.

Sep. 18: Researchers at Wiz discovered that 38 terabytes of data were accidently exposed on Microsoft’s GitHub repository.

Sep. 18: The Health Sector Cybersecurity Coordination Center (HC3) issued a sector-wide alert warning that Lazarus, the North Korean hacking group, has been targeting healthcare organizations in Europe and the US.

Sep. 18: Bleeping Computer reported, “The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.”


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference

RSAC Insights

supply chain cyber warfare & cyber weapons cyberattacks critical infrastructure standards & frameworks malware misconfiguration cloud security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs