CSO

RSAC branded a 'super spreader event' as attendees share COVID-19 test results

That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts


RSA Conference Quick show of hands: who came home from this year's RSA Conference without COVID-19?

The cybersecurity event's organizers say they're not keeping count of attendees who say they've been hit with the coronavirus. Meanwhile, a growing number of folks have taken to Twitter to post photos and reports of positive test results after attending the conference. 

As someone who attended the show, wore a KN95 inside San Francisco's Moscone Center where it took place, and returned home healthy, your humble vulture can attest to the vast numbers of mask-less faces of cyber-risk managers, who may have misjudged the risk of attending a 26,000-person event while case numbers start to climb again in California.

COVID-19 vaccinations reduce the risk of hospitalization and death, and may prevent long-term effects of the virus. CDC guidance is to wear masks in crowded areas.

RSA Conference organizers required all attendees to show proof of vaccination or a negative test for their first entry into Moscone Center. Additionally, signs posted "encouraged" people to wear masks. Still, people wearing face masks inside Moscone were in the minority. And masks at cocktail parties and bars around the event were almost non-existent. 

According to one very informal Twitter poll with 820 votes at the time of writing, 20.6 percent of attendees said they caught the coronavirus at RSAC, while 39.5 percent said they escaped COVID-free. However, 39.9 percent said they were unsure, for whatever that means.

For what it's worth, the organizers of May's KubeCon Europe, which required proof of vaccination and masks, said they were aware of 121 reported infections, or about two percent of the in-person audience. We wish we could report an accurate reported count for RSA Conference: it is unlikely to be as high as one in five, though we may never know.

LastPass CTO Christofer Hoff tweeted he personally knows more than 30 people who got COVID-19 at RSAC.

"The RSA Conference should really be made aware to understand they were a super spreader event," Hoff added.

Following The Register's inquiry about COVID-19 cases related to the event, and questions about what organizers were doing post-RSAC to follow up on attendees' virus status, officials pointed to a health and safety hub update, which, among other things, urged attendees so "make responsible health choices."

"RSA Conference 2022 has been made aware that some attendees have tested positive for COVID-19," reads a note dated June 15. "We are, however, not collecting test results post-conference."

The number of RSAC attendees that have since tested positive, even if it is anecdotal evidence, has some in infosec rethinking their plans for Black Hat and DEF CON in Las Vegas this August, aka hacker summer camp.

"All of these stories of people catching COVID at conferences, especially RSA, make me considerably less interested in coming to Las Vegas for DEF CON," EFF Cybersecurity Director Eva Galperin said

After requiring both proof of vaccination and masks at last year's event DEF CON, "barring a major change in the situation," the event won't check attendees' vaccination status this year but will keep the mask mandate in place, organizers said.

"Protecting the community is our first priority, and we want to make sure that everyone is as safe as we can make them," DEF CON's FAQ page states. "Everyone includes the healthy, the vulnerable and those who have immune compromised loved ones they need to protect."

Meanwhile, Black Hat, which opens just before DEF CON, isn't requiring any COVID-19 prevention measures. 

"At this time, there are no requirements for vaccinations, masks, or other health measures in place," according to that event's health and safety rules. "Attendees are advised to consider their personal health needs."

"Black Hat will continue to monitor the health situation and relevant authorities," officials added. "Changes to health and safety measures may be made by Black Hat show management at any time as events warrant."

Consider yourself forewarned. ®

Broader topics


Other stories you might like

  • What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm
    The next wave of security maturity is measuring effectiveness, she told The Register

    RSA Conference When Sandra Joyce, EVP of Mandiant Intelligence, describes the current threat landscape, it sounds like the perfect storm. 

    The threat intelligence firm, which is being acquired by Google Cloud, made its annual cybersecurity predictions for the year ahead. And this year, they all materialized at once.

    "We predicted supply-chain attacks four years ago," Joyce said, in an interview with The Register at the RSA Conference. "We predicted deployment of wipers during wartime. And now we're watching all of these things happen at the same time, and in amounts that are greater than ever and at frequencies of scale that are more than ever."

    Continue reading
  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • Cisco EVP: We need to lift everyone above the cybersecurity poverty line
    It's going to become a human-rights issue, Jeetu Patel tells The Register

    RSA Conference Exclusive Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration.

    "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote. 

    "This is critical infrastructure — financial services, health care, transportation — services like your water supply, your power grid, all of those things can stop in an instant if there's a breach," he said. 

    Continue reading
  • Threat and risk specialists signal post-COVID conference season is back on
    Well, we'll see in a week or so

    RSA Conference For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on.

    The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years. Almost all cons were virtual with a very limited hybrid-conference season last year, including DEF CON, where masks were taken seriously. People still wanted to mingle and ShmooCon too went ahead, albeit later than usual in March.

    The RSA conference has been going for over 30 years and many security folks love going. There are usually some good talks, it's a chance to meet old friends, and certain pubs host meetups where more constructive work gets done on hard security ideas than a month or so of Zoom calls.

    Continue reading
  • World Economic Forum wants a global map of online crime
    Will cyber crimes shrug off Atlas Initiative? Objectively, yes

    RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.

    The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.  

    This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers. 

    Continue reading
  • Intel offers 'server on a card' reference design for network security
    OEMs thrown a NetSec Accelerator that plugs into server PCIe slots

    RSA Conference Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.

    The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.

    According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

    Continue reading
  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading
  • US cyber chiefs: Moving to Shields Down isn't gonna happen
    Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'

    RSA Conference A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added.

    "There'll never be a time when we don't defend ourselves –— especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal. 

    "Now, we all know that we can't sustain the highest level of alert for an extensive period of time, which is why we're thinking about, number one, what's that relationship that government needs to have with the private sector," Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.

    Continue reading
  • Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups
    This is why Viasat attack – rated one of the biggest ever of its kind – had relatively little impact

    RSA Conference The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder and former CTO of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.

    Alperovitch shared that opinion during a global threat briefing he delivered with Sandra Joyce, EVP of Mandiant Intelligence, at the RSA Conference on Tuesday.

    The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe. The attack therefore disrupted satellite connectivity for thousands, and disabled remote monitoring of 5,800 wind turbines in Germany.  

    Continue reading

Biting the hand that feeds IT © 1998–2022