Back to Blog May 8, 2023

    This Week in Cybersecurity News - Week of May 8, 2023

     

     

    This week's roundup of cybersecurity news stories for the week of May 8, 2023. 

    Breaches and Attacks in the News

    Stories about cybersecurity attacks and data breaches.

    Western Digital Confirms Ransomware Group Stole Customer Information
    By Eduard Kovacs - SecurityWeek
    Western Digital confirmed that a security breach was found on March 26th that included customer information. Ransomware group Alphv/BlackCat published screenshots showing video calls, emails, documents, internal tools, invoices, and confidential communications. The group is threatening to release customer information, code-signing certificates, and communications unless WD pays the ransom. 

    1 Million Impacted by Data Breach at NextGen Healthcare
    By Ionut Arghire - SecurityWeek
    NextGen Healthcare has started to inform 1 million people that their personal information was compromised in a data breach. According to notification letters, the company noticed suspicious activity on its systems on March 30, 2023 and found an unauthorized party had access to those systems between March 29 and April 14. Attackers accessed customer names, addresses, birth dates, and Social Security numbers. 

    Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up
    By Eduard Kovacs - SecurityWeek
    Former Uber security chief Joe Sullivan was sentenced on Thursday to three years of probation for covering up a data breach suffered by the ride-sharing giant in 2016. Sullivan was charged in August 2020 and found guilty by a jury in October 2022. Before the sentencing, prosecutors were hoping for 15 months in prison, while the defense wanted probation, which was the ultimate outcome, allowing the former chief security officer (CSO) to avoid prison time. In addition to probation, Sullivan must perform 200 hours of community service as part of the sentencing.

    Federal Government Cybersecurity News

    News stories about federal government cybersecurity policy, regulation, and advisories.

    Biden, Harris Meet With CEOs About AI Risks
    Associated Press
    Vice President Kamala Harris met on Thursday with the heads of Google, Microsoft, and two other companies developing artificial intelligence as the Biden administration rolls out initiatives meant to ensure the rapidly evolving technology improves lives without putting people’s rights and safety at risk.
    President Joe Biden briefly dropped by the meeting in the White House’s Roosevelt Room, saying he hoped the group could “educate us” on what is most needed to protect and advance society.

    CISA Releases One Industrial Control Systems Advisory
    CISA
    CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

    Top US cyber official warns AI may be the ‘most powerful weapon of our time’
    By Christian Vasquez - Cyberscoop
    CISA Director Jen Easterly said the rapid advances in technologies such as ChatGPT could be used by adversaries to carry out cyberattacks.

    State and Local Government Cybersecurity News

    Stories related to state and local government cybersecurity.

    $1.1M Paid to Resolve Ransomware Attack on California County
    Associated Press
    A $1.1 million payment was made to resolve a ransomware attack on a California county’s law enforcement computer network. The San Bernardino County Sheriff’s Department announced in April that a “network disruption” was being investigated by information technology staff and forensic specialists and that the FBI and Department of Homeland Security were notified. County spokesperson David Wert said the county paid $511,852 and the remainder was covered by insurance, the news group reported Thursday.

    Cybersecurity Training and Learning News

    New cybersecurity courses, certifications, and training opportunities.

    Google Launches New Cybersecurity Analyst Training Program
    By Eduard Kovacs - SecurityWeek
    Google announced a new cybersecurity training program for students to prepare for a cybersecurity analyst career and they will receive a professional certificate from Google when they graduate. The new Cybersecurity Certificate is part of the company’s Grow With Google initiative. The program was built by Google experts and it’s hosted by online course provider Coursera.

    Cybersecurity Research News

    Surveys, studies, and research related to cybersecurity.

    Your voice could be your biggest vulnerability
    Help Net Security
    AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had previously experienced some kind of AI voice scam, with 1 in 10 targeted personally and 15% saying it happened to someone they know. 77% of victims said they had lost money as a result.

    Consumer skepticism is the biggest barrier to AI-driven personalization
    Help Net Security
    Businesses worldwide are eagerly embracing the potential for AI to provide personalized customer experiences, but customers remain cynical, according to Twilio. 62% of business leaders cite customer retention as a top benefit of personalization, while nearly 60% say personalization is an effective strategy for acquiring new customers.

    Cybersecurity teams hampered by economic downturn
    SC Media
    TechRepublic reports that more cybersecurity vulnerabilities have been reported by 50% of organizations amid layoffs and reductions in security spending brought about by the economic downturn during the past year. Seventy-five percent of companies noted the adverse impact of reduced budgets and frozen security investments on cybersecurity management, and even though 84% of those that had increased vulnerabilities were worried about breaches' financial and reputational damages, 39% and 40% either reduced or plan to cut their security teams, respectively, according to a HackerOne survey.

    Cybersecurity Opinions

    A roundup of cybersecurity and tech opinion articles from the past week. 

    RSA 2023: Not Under the GenAI Influence Yet!
    By Anton Chuvakin - Anton on Security
    Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth …

    The Merck appeal: cyber insurance and the definition of war
    By Christopher Burgess - CSO
    Pharmaceutical giant Merck’s won an appeal that might see it claim $1.4 billion from insurers due to the NotPetya ransomware attack. The decision hinged on the definition of war and it could also affect how insurance terms are defined in the future.

    ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways
    By Dan Patterson - ZDNet
    Generative artificial intelligence is transforming cybersecurity, aiding both attackers and defenders. Cybercriminals are harnessing AI to launch sophisticated and novel attacks at large scale. And defenders are using the same technology to protect critical infrastructure, government organizations, and corporate networks, said Christopher Ahlberg, CEO of threat intelligence platform Recorded Future.

    Other Interesting News

    Not necessarily cybersecurity news, but interesting enough to share.

    The ‘Devil Bird’ Lands in New York, With More Likely to Come
    By James Crugnale - The New York Times
    For two weeks, a strange bird has perched in Brooklyn over the treetops of one of the Three Sisters Islands in Prospect Park Lake. It shows no signs of heading back to the place it most likely came from in the South. Meet the anhinga, a large water bird with a snaky neck that has joined other high-profile vagrant birds in recent years by making a rare appearance outside of its typical migration range.

    Why the Ferrari F355 Sounds So Good
    By Chris Perkins - Road and Track
    The sound is unmistakable—rich, complex, cultured, yet ferocious. Even among Ferraris, the noise emanating from the F355 is unique. After a recent opportunity to drive a manual F355 Berlinetta, fulfilling a childhood fantasy, the noise burnished itself in my brain. I walked away with two wants, a manual F355 Berlinetta—ideally in blue—and to drill down into its specific sound.

     

    Sign up to get first access to our latest resources