
In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:    

Major US airlines targeted in Department of Transportation privacy review

The ten largest airlines in the United States will be targeted in an upcoming privacy review conducted by the Department of Transportation. The review will look at how airlines safeguard the personal information of customers, and whether they unfairly or deceptively monetize or share the data with others. The review could lead to investigations, enforcement actions, rulemaking, or guidance. 

Lawmaker wants answers on HHS cyberattack that resulted in theft of $7.5 million 

Senator Bill Cassidy has sent a letter to the Department of Health and Human Services (HHS) demanding answers on the recently disclosed incident in which hackers stole $7.5 million in grant money. The lawmaker wants to know why the HHS failed to notify Congress of the cyberattack. 


Tycoon 2FA AitM phishing kit

Sekoia has published an in-depth analysis of a new adversary-in-the-middle (AitM) phishing kit used by multiple threat actors. The investigation revealed the kit is associated with the Tycoon 2FA phishing-as-a-service (PhaaS) platform. The company noted that this has been one of the most widespread AitM phishing kits over the last few months.

Darcula PhaaS platform uses iMessage and RCS

Another PhaaS platform, named Darcula, has been analyzed by Netcraft. The company described Darcula as a Chinese-language platform used to target postal services and other organizations in more than 100 countries. The platform relies on iMessage and RCS instead of SMS messages to evade filters put in place by mobile network operators.

Apple users targeted in MFA bombing attacks 

MFA bombing or MFA fatigue attacks were successfully used in several high-profile incidents in the past years. The method still works and threat actors continue using it. Brian Krebs has heard the stories of several Apple users targeted in such attacks recently. The attacks involved flooding the targeted user’s device with alerts to approve a password change or login. If this failed, the attackers followed up with a call claiming to be from Apple support. 
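The attack described above leaves a recognizable trace in authentication logs: a burst of push prompts for one account, often with several denials, sometimes followed by an approval. The following Python detection is an added example written for this roundup, not code from the article, from Brian Krebs, or from Apple; the log format, field names (`user`, `event`, `result`, `src`), sample lines, and the threshold and window values are all constructed assumptions for illustration.

```python
"""Flag MFA push-fatigue (MFA bombing) patterns in authentication logs.

Added example, not from the original article. The log format below is assumed:
<ISO-8601 timestamp> user=<name> event=mfa_push result=<sent|denied|approved> src=<ip>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). 'alice' receives a flood of
# prompts, denies two, then approves one; 'bob' shows normal behaviour.
SAMPLE_LOG = """\
2024-03-28T09:00:01Z user=alice event=mfa_push result=sent src=203.0.113.5
2024-03-28T09:00:05Z user=alice event=mfa_push result=denied src=203.0.113.5
2024-03-28T09:00:09Z user=alice event=mfa_push result=sent src=203.0.113.5
2024-03-28T09:00:12Z user=alice event=mfa_push result=denied src=203.0.113.5
2024-03-28T09:00:15Z user=alice event=mfa_push result=sent src=203.0.113.5
2024-03-28T09:00:20Z user=alice event=mfa_push result=sent src=203.0.113.5
2024-03-28T09:00:24Z user=alice event=mfa_push result=sent src=203.0.113.5
2024-03-28T09:00:40Z user=alice event=mfa_push result=approved src=203.0.113.5
2024-03-28T09:01:00Z user=bob event=mfa_push result=sent src=198.51.100.7
2024-03-28T09:01:08Z user=bob event=mfa_push result=approved src=198.51.100.7
2024-03-28T10:30:00Z user=bob event=mfa_push result=sent src=198.51.100.7
2024-03-28T10:30:06Z user=bob event=mfa_push result=approved src=198.51.100.7
"""


def parse_line(line):
    """Parse one 'key=value' log line into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def _prune(queue, now, window):
    """Drop timestamps older than `window` relative to `now`."""
    while queue and now - queue[0] > window:
        queue.popleft()


def detect_push_bombing(log_text, window=timedelta(seconds=60), threshold=3):
    """Return one alert per user whose 'sent' prompts within `window` reach
    `threshold`. Each alert records the prompt count, how many prompts the
    user had denied in the same window, and whether an approval followed the
    burst within `window` (the outcome the attacker is hoping for)."""
    sent = defaultdict(deque)     # user -> timestamps of prompts sent
    denied = defaultdict(deque)   # user -> timestamps of prompts denied
    burst_at = {}                 # user -> time the burst was first detected
    alerts = {}

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("event") != "mfa_push":
            continue
        user, ts, result = rec["user"], rec["ts"], rec["result"]

        if result == "sent":
            sent[user].append(ts)
            _prune(sent[user], ts, window)
            _prune(denied[user], ts, window)
            if len(sent[user]) >= threshold and user not in burst_at:
                burst_at[user] = ts
                alerts[user] = {
                    "user": user,
                    "when": ts,
                    "prompts": len(sent[user]),
                    "denied": len(denied[user]),
                    "approved_after_burst": False,
                }
        elif result == "denied":
            denied[user].append(ts)
        elif result == "approved" and user in burst_at:
            # An approval shortly after a burst is the highest-priority signal.
            if ts - burst_at[user] <= window:
                alerts[user]["approved_after_burst"] = True

    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately conservative; tune them against your own baseline of legitimate prompt volume, and treat `approved_after_burst` as the case to escalate first, since it mirrors the scenario in the story where the target finally gives in or is talked into approving by a follow-up "support" call.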

Investigation into Chinese hacking of Finland's parliament continues

After the US, UK and New Zealand accused Chinese state-sponsored threat actors of hacking into government systems, Finland’s police issued a statement saying that the criminal investigation into the 2021 hacking of its parliament’s information systems is still ongoing. Finland officially blamed the attack on the Chinese group APT31 shortly after the incident was disclosed. 

Over 800 WordPress plugins and themes abandoned in 2023

Patchstack reported over 800 WordPress plugins and themes as abandoned in 2023, up sharply from only 147 in 2022, the security firm's latest State of WordPress Security report shows. Patchstack added nearly 6,000 new vulnerabilities to its database last year, with roughly 97% of them related to plugins. Twenty-one percent of all new bugs discovered last year were related to a single cross-site scripting (XSS) issue in the Freemius framework.

SEC digging for internal communications in SolarWinds hack probe

The US Securities and Exchange Commission is refining its inquiries into the 2020 SolarWinds hack, demanding that tech and telecommunications companies hand over internal chatter about the incident’s impact, Bloomberg reports. The cybersecurity industry and big business have described it as overreach.

ENISA publishes ‘Foresight Cybersecurity Threats for 2030’ report

Supply chain compromise of software dependencies, skills shortage, human error, and exploited legacy and unpatched or out-of-date systems are the top cyberthreats expected to have a high impact by 2030, the European Union Agency for Cybersecurity (ENISA) says. Its Foresight Cybersecurity Threats for 2030 report provides an overview of the current cybersecurity threat landscape and future trends.

Linux variant of DindoasRAT uncovered

Kaspersky has uncovered a Linux variant of the DindoasRAT Windows malware used in Operation Jacana, a spearphishing campaign targeting a Guyanese governmental entity that was disclosed in October 2023. In use since 2021 and mainly targeting Red Hat and Ubuntu distributions, the Linux backdoor can establish persistence, harvest system information, and execute various commands. 

Raspberry Pi devices repurposed for fraud and anonymization

Cybercriminals are advertising on the dark web new software that repurposes Raspberry Pi devices for fraud and anonymization. For only $80 per month, the tool, called Geobox, can be used to spoof GPS location, emulate network and software settings, mimic Wi-Fi access point settings, and bypass anti-fraud filters. This, Resecurity says, opens the door to nation-state attacks, cybercriminal activities, surveillance, and other types of nefarious activities.


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
