The world is feeling the loss of Her Majesty Queen Elizabeth II. Infosecurity Magazine issues a lovely statement of condolence, recognizing, “She brought comfort, leadership and steadfastness to millions of people during her 70-year reign. On behalf of Infosecurity Magazine and our employees and customers, we send our sincerest condolences to the Royal Family and to all those around the world who are mourning her passing.” May she rest in peace.
Between Joe Sullivan’s trial and Mudge’s whistleblower settlement, CISOs and cybersecurity have grabbed several headlines this week. As I read through different reflections on the role of the CISO and the challenges of the job, I came across a LinkedIn post from Andy Bennett, VP of Technology and CISO at Apollo Information Systems. Interestingly, he noted, “more organizations have CISOs than ever before.”
Bennett argued that cybersecurity challenges are indeed an issue of resources, but not the resources you might think. The number one most valuable resource for any organization, Bennett said, is time. “And yet, it can take weeks, months and even years for organizations to make, often basic, decisions to solve the problems and mitigate the risks they face today. That gap to action is a window of opportunity for the threat actors and should pose an unacceptable risk for almost any organization.” Meanwhile, attackers have ample time to steal cryptocurrency, cause massive traffic jams, and infiltrate US school districts.
Now it’s time to take a look at other stories that made industry headlines this week.
Sep. 9: The Daily Swig reported, “A vulnerability in ManageEngine could allow an attacker to execute arbitrary code on affected installations of some of its password and access management tools.”
Sep. 8: Malicious actors have reportedly been using GIFs in a phishing campaign that allows them to steal data in Microsoft Teams.
Sep. 8: North Korean hackers have reportedly been targeting energy companies in the United States, Canada, and Japan with a cyber espionage campaign.
Sep. 8: Though it took weeks of active social media pressure, Cloudflare made what it called a “dangerous” decision to block an alt-right web forum dubbed Kiwi Farms, as its users have allegedly been advocating for and inflicting violence upon members of the trans community.
Sep. 7: A series of cyberattacks on government websites in Albania has led to the country’s Prime Minister severing all diplomatic ties with Iran.
Sep. 7: Bipartisan legislators are advocating for the Satellite Cybersecurity Act and the resources needed to understand the threats specific to this integral part of our critical infrastructure.
Sep. 6: “ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia,” WeLiveSecurity reported.
Sep. 5: According to Business Insider, “Ukrainian hackers set up fake accounts of attractive women to trick Russian soldiers into sending them photos, which they located and passed to the Ukrainian military.”
Sep. 4: Krebs on Security reported, “A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals.”