Weekly News Roundup July 11-15, 2022


Posted on by Kacy Zurkus

At the start of the week, identity and access management were front of mind after Brian Krebs reported, “KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs.” Not surprisingly, a bevy of social media posts ensued with a combination of criticism and concern.

Equally concerning was news from Microsoft reporting on a massive phishing campaign targeting thousands of organizations. According to Dark Reading, the campaign “does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.”

These stories and others like them highlight the risk of identity theft for individuals and businesses alike. Undoubtedly, the proliferation of risk reiterates the dire need to recruit more cybersecurity professionals into the field. As Jen Easterly and Chris Inglis celebrate their one-year anniversary of leading the nation’s cybersecurity strategies and initiatives, it’s worth noting that the federal government has taken several steps to develop a robust cybersecurity workforce. This week, CISA signed a Joint Workplan with Australia’s Cyber Security Centre. In a LinkedIn post announcing the effort, CISA wrote, “The signing of the Joint Workplan further exemplifies CISA and ACSC’s commitment to working together to develop a common strategy to protect and defend our global cyber ecosystem, cultivating an environment where network defenders and risk managers can collectively prevent and mitigate threats to critical infrastructure.”

To learn more about identity and access management, read about eight identity management best practices and explore other learning opportunities available in our Library.

Now let’s look at what else made industry headlines this week.

Jul. 15: Infosecurity Magazine reported, “Falling cryptocurrency prices are putting pressure on crypto exchanges on the dark web and causing a “bank run,” security researchers have found. This is making it harder for threat actors to “monetize” their attacks, buy vulnerabilities or fund malware-as-a-service operations.”

Jul. 15: A report released by the Cyber Safety Review Board deemed the Log4j flaw an endemic problem.

Jul. 14: Medical devices could soon be added to Singapore’s list of IoT that need to undergo a cybersecurity labeling scheme as part of an effort to improve security in operational technologies.

Jul. 14. Bleeping Computer reported, “Researchers at Microsoft Threat Intelligence Center (MSTIC) are tracking the Holy Ghost ransomware gang as DEV-0530.”

Jul. 13: “A ransomware attack on a little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be one of the biggest data breaches of personal and health information this year,” TechCrunch reported.

Jul. 13: The former CIA employee who was charged with turning over a trove of classified information to WikiLeaks in what has been dubbed the “largest leak of classified data in the agency’s history” has been convicted on all counts.

Jul. 12: According to The Hacker News, “Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.”

Jul. 12: Recognizing the EU’s GDPR has become the global standard for privacy, experts in the United States reportedly fear it is falling behind as a leader in cybersecurity, according to The Hill.

Jul. 12: A US startup boasts that it “scours open-source data in China to identify technologies most at risk of being stolen — and the people who might be tempted to steal them.”

Jul. 11: The Daily Swig reported, “The first four standardized protocols for post-quantum cryptography have been unveiled, laying the foundations for the development of apps and web technologies that incorporate “future proof” encryption.”

Jul. 11: Non-fungible token traders who rely on the Axie Infinity platform lost a reported $540 million in cryptocurrency after a North Korean APT unleashed a spear phishing attack using social engineering tactics.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

RSAC Insights

identity management & governance identity theft access control critical infrastructure cyberattacks security awareness security jobs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community