Weekly News Roundup July 18-22, 2022


Posted on by Kacy Zurkus

Last week, I was able to catch Dave Matthews Band (DMB) live as part of their 2022 tour. It was as amazingly uplifting as the first time I saw him live decades ago. DMB is pretty much all I listen to, all the time, so the lyrics are constantly whirling in my head. Somewhat problematic is the fact that my husband works in satellite communications. When he talks about his work, I want to ask, “Who’s the king of your satellite castle?”

This morning, I found myself singing, “let the children run the show,” when reading “Three Reasons Young People Will Change Cybersecurity.” Both the song and the article propose that young people can lead the way. Author Arti Raman writes, “An industry that’s so deeply dependent on innovation and fresh thinking must eventually place its faith in younger generations or risk falling behind.” With an eye on tomorrow, the Biden Administration aims to fill hundreds of cybersecurity jobs and announced plans to focus on recruiting young people.

At the National Cyber Workforce and Education Summit hosted earlier this week, various stakeholders engaged in roundtable discussions to explore “ways to improve practices in cyber-adjacent fields.” Several announcements came out of the summit, including making “a range of cyber curricula and resources easier to use for K-12 teachers and leaders by creating a K12 Educator FAQ resource.”

In reflecting on all this news, the lyrics of “Dive In” come to mind, and I hear Dave Matthews singing, “tell me everything is all taken care of by those qualified to take care of it all.”

While I return to my Spotify happy place, I’ll leave you with this look at what else made industry headlines this week.

Jul. 22: Atlassian notified customers of a problem with the use of hard-coded credentials for Confluence Server and Data Center and advised that users install the patch immediately.

Jul. 22: Security Week reported, “Recent Windows 11 builds come with an account lockout policy enabled by default, to prevent remote desktop protocol (RDP) and other types of brute force attacks.”

Jul. 22: New research published by Check Point revealed that once again, LinkedIn tops the list of most impersonated brands used in phishing attacks.

Jul. 22: “Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials,” Infosecurity Magazine reported.

Jul. 21: Security researchers discovered a variant of the MedusaLocker ransomware, and the host is believed to be located in Ohio, according to CyberScoop. 

Jul. 21: “A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said,” Ars Technica reported.

Jul. 20: The Daily Swig reported, “Six as-yet-unpatched vulnerabilities unearthed by BitSight researcher Pedro Umbelino affect the API server, GPS tracker protocol, and web server of the MV720 GPS tracker, which was developed by China-based company MiCODUS.”

Jul. 20: The Ukraine IT Army, a group of volunteer hackers, is reportedly taking down several Russian targets in a cyberwar the group launched only days after Russia invaded Ukraine.

Jul. 19: The FBI warned that hundreds of US investors have been defrauded by threat actors leveraging fraudulent cryptocurrency apps.

Jul. 18: Google removed dozens of apps reportedly spreading malware throughout its Play Store.


Contributors
Kacy Zurkus

Content Strategist, RSA Conference

RSAC Insights

cyber warfare & cyber weapons ransomware security jobs security education professional development & workforce zero day vulnerability phishing patch vulnerability & configuration management

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community