Weekly News Roundup September 26–30, 2022


Posted by Kacy Zurkus

Over the past several weeks, we’ve seen a proliferation of text-based phishing attacks. This, combined with last week’s news of the cyberattack on Optus, one of Australia’s largest telecommunications companies, which came on the heels of the 0ktapus phishing campaign targeting Okta customers, makes me want to ditch the cell and return to the landline. You might think I’m being hyperbolic, and for the most part, I am, but it’s hard not to reflect on the old days and feel that life was a lot simpler before all these connected devices. OK, I sound like a grandma. I get it.

Sure, advances in technology have afforded us many perks and conveniences, but they’ve also allowed for some really ugly behaviors. For example, hackers breached the content management system used by the business and tech magazine Fast Company and reportedly disseminated “obscene and racist push notifications to followers of the magazine in Apple News.” Is anyone else reminded of the hackneyed expression, “Just because you can do something doesn’t mean you should”?

Lest I get swept away in the negative, I’ll shift my focus to the ever admirable Director of CISA, Jen Easterly, who “hopes to change your dinner table conversation” from ransomware to cybersecurity. As we embark on Cybersecurity Awareness Month, I am optimistic that we are Stronger Together. If you see yourself in cyber, be sure to submit a topic for consideration as part of the RSAC 2023 agenda. Need some inspiration on what to talk about? Check out these Top-Rated Sessions from RSA Conference 2022 in our Library.

Now let’s look at what else made industry headlines this week.

Sep. 30: Multiple news outlets reported on a new Microsoft Exchange zero-day vulnerability being exploited in the wild.

Sep. 30: According to news from CNET, the Federal Trade Commission issued a warning about potential student loan relief scams and the red flags people should watch for.

Sep. 30: The Register reported, “Two now-former eBay executives who pleaded guilty to cyberstalking charges this year have been sent down and fined tens of thousands of dollars.”

Sep. 29: WIRED reported that local law enforcement is ill-equipped to help victims of cryptocurrency crimes.

Sep. 29: “Canon Medical’s Vitrea View is a widely used tool for securely sharing medical images between radiologists, physicians, and other healthcare providers on a patient care team,” Dark Reading reported.

Sep. 29: Attackers reportedly discovered a new attack method in VMware ESXi hypervisors that allows them to gain control of virtual machines for Windows and Linux.

Sep. 29: A nefarious actor has created a slew of fraudulent LinkedIn profiles for Chief Information Security Officers of Fortune 500 companies, according to a report from Krebs on Security.

Sep. 28: The Department of Justice announced that a Honolulu man faces up to 10 years in prison after pleading guilty to sabotaging the computer network of his former employer.

Sep. 27: Bloomberg Law reported, “A string of recent state-sponsored cyberattacks has US government agencies stepping up their cybersecurity protocols and advisement, creating pressure for private-sector companies to shore up their defenses or risk potentially devastating hacks.”

Sep. 26: According to NBC News, TikTok could have to pay $29 million in fines to the UK for improperly handling children’s data.

Sep. 26: HealthITSecurity reported, “Long-running Chinese state-sponsored threat group APT41 continues to pose a danger to healthcare cybersecurity.”

Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

