Weekly News Roundup June 20-24, 2022


Posted by Kacy Zurkus

While many of us are not seeing big savings at the gas pump, zero trust segmentation is demonstrating a significant financial impact on businesses, according to news from Help Net Security. “Organizations that have adopted zero trust segmentation as part of their zero trust strategy save an average of $20.1 million in application downtime, avert 5 cyber disasters per year, and plan to accelerate 14 more digital and cloud transformation projects over the next year.”

Of course, there is no silver bullet. But in addition to zero trust segmentation, businesses can implement other proactive strategies, such as security awareness and training programs, in order to improve their overall cybersecurity posture. Knowledge is power, and when employees have the ability to recognize scams, they are empowered to make better choices for themselves and their employers. 

Toward that end, Microsoft announced this week that the company will be working in collaboration with India’s ICT Academy to “empower 400 faculty members across 100 rural institutions in India with industry relevant skills in cybersecurity, equipping them with the tools to train students.”

Now let’s take a look at what else made industry headlines this week.

Jun. 24: “Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls,” Threatpost reported.

Jun. 23: Dark Reading reported, “A China-based advanced persistent threat (APT) actor, active since early 2021, appears to be using ransomware and double-extortion attacks as camouflage for systematic, government-sponsored cyberespionage and intellectual property theft.”

Jun. 23: The Hill reported that two pieces of legislation, the Federal Rotational Cyber Workforce Program Act of 2021 and the State and Local Government Cybersecurity Act, became law this week.

Jun. 23: Joint federal agencies issued an alert warning “network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.”

Jun. 22: Russian President Vladimir Putin allegedly has plans to double down on misinformation operations with the aim of creating false narratives that will stir mistrust in Americans.

Jun. 22: PortSwigger reported, “API insecurity is responsible for between 4.1% and 7.5% of cybersecurity incidents, according to a new study.”

Jun. 22: In his keynote talk at Infosecurity Europe 2022, Misha Glenny reportedly expressed concerns about geopolitical tensions and their impact on cybersecurity.

Jun. 21: “Popular domain registrars put up few barriers for those seeking to acquire domains suggesting illegal activities, according to a report from consumer watchdog group Digital Citizens Alliance,” CyberScoop reported.

Jun. 21: An investigative team from The New York Times spent more than a year tracking and analyzing China’s surveillance operations and concluded the Chinese government’s goal is “designing a system to maximize what the state can find out about a person’s identity, activities and social connections, which could ultimately help the government maintain its authoritarian rule.”

Jun. 21: At its Security & Risk Management Summit, Gartner recommended steps for strategic security planning over the next two years.

Jun. 20: Team Europe celebrated a big win after coming in first place in ENISA’s International Cybersecurity Challenge.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
