Weekly News Roundup November 7-11, 2022


Posted by Kacy Zurkus

As the week began, disinformation concerns related to Twitter and the midterm elections were blowing up headlines as the battle for the Senate waged on. CISA announced it would not flag any election-related disinformation on any social media platforms but noted that state and local governments could report any concerning information to the Center for Internet Security, according to The Washington Post.

The Hill reported that civil rights groups had become increasingly concerned about an increase in misinformation and hate speech with Musk at the helm of Twitter. Then, on the eve of the elections, Elon Musk urged independents to vote “for a Republican Congress.”

Following the midterms, CISA Director, Jen Easterly, issued a statement affirming, “We have seen no evidence that any voting system deleted or lost votes, changed votes, or was any way compromised in any race in the country.”

An additional concern that grabbed headlines was Musk’s proposed subscription model whereby users would pay a fee for the blue check verification. Though the plan was supposed to go into effect on Tuesday, The New York Times reported that Twitter would delay rolling out the new subscription model after users and employees expressed concern that, “the new pay-for-play badges could cause confusion ahead of Tuesday’s elections because users could easily create verified accounts…which could potentially sow discord.”

By the week’s end, election security concerns took a back seat to the chaos ensuing at Twitter. CyberScoop reported, “A fraud network made up of thousands of bogus Twitter accounts has been impersonating legitimate NFT stores to swindle users out of cryptocurrency.” Additionally, Twitter’s CISO Lea Kissner resigned, prompting the Federal Trade Commission to announce it will be keeping an eye on the very public scuffles of the company’s evolution.

Though it seems that the news has been All Twitter All the Time, there is more that made cybersecurity headlines this week. Here’s a look at other stories you might’ve missed.

Nov. 11: According to Security Week, “Microsoft has attributed the recently observed Prestige ransomware attacks to a Russian state-sponsored threat actor tracked as Iridium.”

Nov. 11: The European Commission has proposed a policy intended to augment Europe’s cyber defenses by bringing forces together to protect against threats from Russia.

Nov. 10: The National Cybersecurity Center of Excellence (NCCoE) issued the outline for a cybersecurity framework profile that, “intends to identify an approach to assess the cybersecurity posture of HSN that provide services such as satellite-based systems for communications, position, navigation and timing (PNT), remote sensing, weather monitoring, and imaging.”

Nov. 10: NIST’s Katerina Megas said that taking a device-only approach to IoT security fails to consider the risks in “cloud services and other infrastructure providers,” according to news from NextGov.

Nov. 10: A new ESET survey found that SMBs are considering ways to improve their security posture, but costs remain a challenge.

Nov. 9: “A Navy nuclear engineer and his wife were sentenced to over 19 years and more than 21 years in prison for attempting to sell nuclear warship design secrets to what they believed was a foreign power agent,” Bleeping Computer reported.

Nov. 9: According to the Cybersecurity 202, “bipartisan attention to cybersecurity could drop off in the next congressional session regardless of which party controls the House and Senate when all the votes are tallied.”

Nov. 8: SC Magazine reported, “Following its acquisition of Streamlit earlier this year, Snowflake on Monday announced plans to integrate Streamlit so developers can use the popular Python coding language to bring their data and machine-learning models into cloud applications, all within Snowflake.”

Nov. 8: Microsoft released fixes for six zero-day vulnerabilities being exploited in the wild.

Nov. 7: “The US Securities and Exchange Commission (SEC) appears poised to take enforcement action against SolarWinds for the enterprise software company's alleged violation of federal securities laws when making statements and disclosures about the 2019 data breach at the company,” Dark Reading reported.


Contributors
Kacy Zurkus

Content Strategist, RSA Conference
