Weekly News Roundup September 20-24, 2021


Posted by Kacy Zurkus

Election security remains a topic of great concern, particularly as it relates to disinformation and misinformation. While government agencies and security practitioners work to ensure the security of future elections, the Pew Trust reported that disinformation will likely be the “new normal.” There are plenty of examples to support this growing concern. My Pillow CEO Mike Lindell continues to make spurious claims about voting machines being hacked, despite his being hit with a defamation lawsuit from Dominion Voting Systems.

Earlier this week, The New York Times reported, “Days before lawyers allied with Donald Trump gave a news conference promoting election conspiracy theories, his campaign had determined that many of those claims were false, court filings reveal.” Meanwhile, former President Trump has endorsed several candidates who have, like Lindell, claimed there was massive voter fraud.

Pittsburgh’s NPR News Station reported that lawmakers in Pennsylvania issued a subpoena this week mandating the Department of State provide a Senate committee with a list of voter data. Security experts expressed concern about the request, noting that such sensitive information—which poses the potential for identity theft—should stay behind a firewall and there should be data protection protocols in place.

Interested in learning more about authentication and access control? Join our RSAC 365 Half-Day Virtual Seminar on Identity December 15 or explore a variety of topics available in our Library.

And now, a glimpse at other news that made cybersecurity headlines this week.

Sept. 24: CISA Director Jen Easterly said she supports proposed legislation that would require breach reporting for federal agencies, government contractors and private industries.

Sept. 24: “FS-ISAC (The Financial Services Information Sharing and Analysis Center) has announced that global cyber intelligence sharing among its member financial firms has soared by 60% from August 2020 to August 2021, caused by supply chain and ransomware threats,” Infosecurity Magazine reported.

Sept. 23: “Canada-based VoIP provider VoIP.ms is still battling a week-long, massive ransom distributed denial-of-service (DDoS) attack,” ZDNet reported.

Sept. 23: Security researchers discovered a vulnerability in macOS Finder that could allow remote code execution.

Sept. 22: Federal agencies issued a joint warning to US organizations advising there has been a spike in Conti ransomware attacks.

Sept. 22: “Crystal Valley, a Minnesota-based farm supply and grain marketing cooperative, has become the second U.S. agriculture business to be hit with a ransomware attack this week,” Threatpost reported.

Sept. 22: SecurityWeek reported, “Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely.”

Sept. 22: Facebook warned investors that Apple’s new privacy policies could impact Facebook’s ad business. In related news, after considering the privacy implications of using social media to communicate activities, the Norwegian Data Protection Authority has decided it will not use Facebook.

Sept. 21: ‘Anonymous’ hackers reportedly released more than 150 gigabytes of data stolen from “Epik, a website hosting firm popular with far-right organizations like the Proud Boys.”

Sept. 21: “The Biden administration on Tuesday unveiled sanctions against a cryptocurrency exchange over its alleged role in enabling illegal payments from ransomware attacks, officials said, part of a broader crackdown on the growing threat,” Reuters reported.

Sept. 20: According to Fed Scoop, the Department of Veterans Affairs is exploring options for a new enterprise cloud services provider.

Sept. 20: Dark Reading reported, “Open source software projects – the underpinnings of the global software ecosystem – are getting better at more quickly updating vulnerable dependencies, but at the same time they face more cyberattacks and a significant volume of critical vulnerabilities.”

Sept. 20: Law enforcement agencies from Spain and Italy worked with Europol to dismantle an organized crime network, whose members included computer experts, alleged to have been conducting cyber fraud.

Sept. 20: New Cooperative Inc., an Iowa-based grain cooperative, had to shut down its operations in the aftermath of a ransomware attack that was reportedly the work of ransomware gang BlackMatter.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference
