Weekly News Roundup March 27–31, 2023

Posted by Kacy Zurkus

There’s nothing I find more annoying than when someone engages in tit-for-tat criticisms. We’ve likely all been there, either with siblings, friends, or partners. It’s the worst form of gaslighting. So, when I read the Reuters headline this morning declaring, “China to examine US chipmaker Micron’s products for cybersecurity risks,” I rolled my eyes. As the story noted, the move “comes amid a spat over chip technology between Washington and Beijing.” Additional news that Japan announced it would join the United States in its efforts to “curb China’s ability to make advanced chips” only makes China’s decision feel more avenging in the ongoing chip war.

That’s not to say there’s no due cause for China’s decision to look into Micron’s products, but optics matter. According to The Wall Street Journal, it is “a move that is likely to put global firms operating in China further on edge at a time of escalating U.S.-China tension.”

Indeed, we are in a new era for supply chain, a topic that will be debated by industry influencers next month at RSA Conference 2023.

Now let’s look at what else made industry headlines this week.

Mar. 31: According to The Register, the Information Commissioner’s Office issued a reprimand to NHS Highland after a mass email distribution that was supposed to be blind carbon copied (BCC) to all recipients was instead sent using carbon copy (CC) so that the emails of all recipients (patients infected with HIV) were visible.

Mar. 31: Bitdefender wrote that the PII of nearly 50,000 special education students and their parents was stored on a non-password-protected database.

Mar. 31: The National Cyber Security Centre (NCSC) amended its Cyber Security Board Toolkit to include additional resources, including videos, podcasts, and activities, for boards to ensure that organizations take the necessary steps to improve their security posture.

Mar. 30: “More than 5,000 pages of documents from a Moscow-based contractor offer unusual glimpses into planning and training for security services, including the notorious hacking group Sandworm,” The Washington Post reported.

Mar. 30: Those who don’t have a registered TikTok account could still be sharing browser type, phone information, and IP address data, according to news from USA Today.

Mar. 29: The Hacker News reported, “Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022.”

Mar. 29: SentinelOne continues its investigation into the ongoing supply chain attack on 3CX, a global provider of video conferencing and online communication products.

Mar. 29: The United States has provided a total of $50 million in aid to Costa Rica and Albania so that the countries can strengthen their cybersecurity after suffering destructive attacks.

Mar. 28: OpenAI, the creator of ChatGPT, confirmed a data breach that took the chatbot offline early last week.

Mar. 28: Krebs on Security reported, “The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.”

Mar. 28: CISA Director Jen Easterly warned that a proposed cut to the FY 2024 budget would “put us back in a pre-SolarWinds world where we’ll lose that visibility that we’ve developed and that’s harmful to our security as a nation.”

Mar. 27: BleepingComputer reported, “Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.”

Kacy Zurkus

Senior Content Manager, RSA Conference
