
In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:    

Major US airlines targeted in Department of Transportation privacy review

The ten largest airlines in the United States will be targeted in an upcoming privacy review conducted by the Department of Transportation. The review will look at how airlines safeguard the personal information of customers, and whether they unfairly or deceptively monetize or share the data with others. The review could lead to investigations, enforcement actions, rulemaking, or guidance. 

Lawmaker wants answers on HHS cyberattack that resulted in theft of $7.5 million 

Senator Bill Cassidy has sent a letter to the Department of Health and Human Services (HHS) demanding answers on the recently disclosed incident in which hackers stole $7.5 million in grant money. The lawmaker wants to know why the HHS failed to notify Congress of the cyberattack. 


Tycoon 2FA AitM phishing kit

Sekoia has published an in-depth analysis of a new adversary-in-the-middle (AitM) phishing kit used by multiple threat actors. The investigation revealed that the kit is associated with the Tycoon 2FA phishing-as-a-service (PhaaS) platform. The company noted that this has been one of the most widespread AitM phishing kits over the last few months.

Darcula PhaaS platform uses iMessage and RCS

Another PhaaS platform, named Darcula, has been analyzed by Netcraft. The company described Darcula as a Chinese-language platform used to target postal services and other organizations in more than 100 countries. The platform relies on iMessage and RCS instead of SMS messages to evade filters put in place by mobile network operators.

Apple users targeted in MFA bombing attacks 

MFA bombing, also known as MFA fatigue, has been used successfully in several high-profile incidents in past years. The method still works and threat actors continue to use it. Brian Krebs has heard from several Apple users targeted in such attacks recently. The attacks involved flooding the targeted user’s device with alerts asking them to approve a password change or login. If this failed, the attackers followed up with a phone call claiming to be from Apple support.
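As an added illustration (not part of the SecurityWeek article or any vendor's tooling), a minimal detection rule for the push-notification flooding described above, run over constructed authentication log lines; the log format, field names, threshold and window are assumptions:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article): one auth event per line.
SAMPLE_LOG = """\
2024-03-28T09:00:01Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:00:05Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:00:09Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:00:14Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:00:20Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:00:44Z user=alice event=mfa_push_sent result=pending
2024-03-28T09:02:00Z user=bob event=mfa_push_sent result=pending
2024-03-28T09:10:00Z user=bob event=mfa_push_sent result=pending
2024-03-28T09:15:00Z user=carol event=password_reset_requested result=pending
"""

# Assumed log layout: ISO-8601 timestamp, then key=value fields.
LINE_RE = re.compile(r"^(\S+) user=(\S+) event=(\S+)")


def parse_line(line):
    """Return (timestamp, user, event) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3)


def detect_push_floods(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {user: peak_prompt_count} for every user who received at least
    `threshold` MFA push prompts inside any sliding window of length `window`.
    A legitimate user rarely triggers more than a couple of prompts per minute,
    so a burst like this is a strong MFA-fatigue signal worth alerting on."""
    recent = defaultdict(deque)   # user -> timestamps of prompts inside window
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, event = parsed
        if event != "mfa_push_sent":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop prompts that fell out of window
            q.popleft()
        if len(q) >= threshold:
            alerts[user] = max(alerts.get(user, 0), len(q))
    return alerts
```

Pairing this rule with a lockout or a number-matching prompt style removes the "approve to make it stop" incentive the attack relies on.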

Investigation into Chinese hacking of Finland parliament continues

After the US, UK and New Zealand accused Chinese state-sponsored threat actors of hacking into government systems, Finland’s police issued a statement saying that the criminal investigation into the 2021 hacking of its parliament’s information systems is still ongoing. Finland officially blamed the attack on the Chinese group APT31 shortly after the incident was disclosed. 

Over 800 WordPress plugins and themes abandoned in 2023

Patchstack reported over 800 WordPress plugins and themes as abandoned in 2023, up significantly from only 147 in 2022, the security firm’s latest State of WordPress Security report shows. Patchstack added nearly 6,000 new vulnerabilities to its database last year, with roughly 97% of them related to plugins. Twenty-one percent of all new bugs discovered last year were related to a single cross-site scripting (XSS) issue in the Freemius framework.

SEC digging for internal communications in SolarWinds hack probe

The US Securities and Exchange Commission is refining its inquiries into the 2020 SolarWinds hack, demanding that tech and telecommunications companies hand over internal chatter about the incident’s impact, Bloomberg reports. The cybersecurity industry and big business have described it as overreach.

ENISA publishes ‘Foresight Cybersecurity Threats for 2030’ report

Supply chain compromise of software dependencies, skills shortage, human error, and exploited legacy and unpatched or out-of-date systems are the top cyberthreats expected to have a high impact by 2030, the European Union Agency for Cybersecurity (ENISA) says. Its Foresight Cybersecurity Threats for 2030 report provides an overview of the current cybersecurity threat landscape and future trends.

Linux variant of DindoasRAT uncovered

Kaspersky has uncovered a Linux variant of the DindoasRAT Windows malware used in Operation Jacana, a spearphishing campaign targeting a Guyanese governmental entity that was disclosed in October 2023. In use since 2021 and mainly targeting Red Hat and Ubuntu distributions, the Linux backdoor can establish persistence, harvest system information, and execute various commands. 

Raspberry Pi devices repurposed for fraud and anonymization

Cybercriminals are advertising on the dark web new software that repurposes Raspberry Pi devices for fraud and anonymization. For only $80 per month, the tool, called Geobox, can be used to spoof GPS location, emulate network and software settings, mimic Wi-Fi access point settings, and bypass anti-fraud filters. This, Resecurity says, opens the door to nation-state attacks, cybercriminal activities, surveillance, and other types of nefarious activities.

Related: In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets

Related: In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap 
