SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Underground service generates realistic fake IDs
An underground service called OnlyFake allegedly uses neural networks to generate realistic photos of fake IDs for just $15. 404 Media has tested the service and reported that it produces fake IDs nearly instantly, and warned that it could streamline bank fraud and the laundering of stolen funds.
Deepfake CFO tricks finance worker into sending $25 million to fraudsters
A finance worker in Hong Kong was tricked into making a $25 million payment to fraudsters posing as his company’s chief financial officer on a video call using deepfake AI technology. In fact, all members of the staff that were on that call were deepfakes.
Black Hunt ransomware uses leaked LockBit code
The Black Hunt ransomware, which recently hit roughly 300 companies in Paraguay, appears to be based on leaked LockBit code, Rapid7 says. Written in C++, a recent sample widely “reuses the leaked Lockbit ransomware code and shares similarities with several other recently spotted ransomware families”. Black Hunt disables Windows security measures, limiting user control, deletes shadow copies, and attempts to spread to network shares.
Pennsylvania Courts website disrupted by cyberattack
The Pennsylvania Courts’ website fell victim to a denial-of-service (DoS) attack, rendering parts of it unavailable. “At this time, there is no indication that any court data was compromised, and our courts will remain open and accessible to the public,” Chief Justice of Pennsylvania Debra Todd said in a February 4 statement. The website appears to remain down for the time being.
Cybersecurity funding in Q4 2023
DataTribe’s cybersecurity funding insights report for the fourth quarter of 2023 shows that $89 billion was invested across approximately 6,400 deals last year, the lowest figures in the past five years.
Google agrees to $350 million settlement in Google+ data leak lawsuit
Google has agreed to pay $350 million to settle a shareholder lawsuit related to a 2018 Google+ bug exposing private data associated with as many as 500,000 accounts. As part of the settlement, Google denied any wrongdoing and highlighted finding no evidence that the exposed data was misused.
Internet-exposed Confluence server numbers skewed by honeypots
A Shodan search for internet-exposed Confluence servers that could be vulnerable to remote attacks returns over 200,000 results, but an analysis conducted by VulnCheck shows that a vast majority are actually honeypots. Only approximately 4,000 instances are real Confluence servers.
OpenSSF and CISA provide framework for package repository security
OpenSSF and CISA have teamed up to create a framework for package repository security. The organizations have identified a “taxonomy of package repositories and a set of principles for their security capabilities”. Package repositories should strive to adhere to the described best practices.
OT/IoT threat landscape assessment
Nozomi Networks has published a report assessing the OT/IoT threat landscape in the second half of 2023. The report looks at reported vulnerabilities, malware and other types of intrusions, as well as botnets.
SonicWall has patched an authentication bypass vulnerability in Gen7 firewalls running SonicOS 7.1.1-7040 Image. Google has fixed two high-severity flaws in Chrome. VMware has addressed five vulnerabilities in Aria Operations for Networks, including privilege escalation and XSS bugs.