SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Netography spins off new stealth company
Network security company Netography this week announced that it has completed the spin-off of a stealth company. Led by cybersecurity expert and entrepreneur Barrett Lyon, the spinoff received seed investment from Mango Capital and will maintain a close relationship with Netography, which donated prototyped eBPF-based technology to Lyon and the new team. Netography will maintain purchasing and licensing rights for the technology.
ExtraHop open sources DGA detector dataset
ExtraHop is open sourcing its 16-million-row DGA detector dataset on GitHub to help organizations defend against algorithmically generated domains. Threat actors use domain generation algorithms (DGAs) to maintain command-and-control within victims’ environments and make their attacks harder to identify. ExtraHop’s detector dataset allows researchers and organizations to train ML classifier models that quickly detect DGA-generated domains and prevent attacks.
Backdoored Free Download Manager for Linux
A malware-laced version of Free Download Manager for Linux was available for download on the project’s official page for roughly two years. The malware creates a reverse shell and deploys a Bash stealer that collects system information, passwords, cryptocurrency wallet files, and other sensitive data. The Free Download Manager team says that less than 0.1% of its site visitors downloaded the malicious application.
Pegasus spyware used to target Putin critic
NSO Group’s Pegasus spyware was found on the iPhone of exiled Russian investigative journalist Galina Timchenko. The iPhone was infected on or around February 10, 2023, via a zero-click exploit, when Timchenko, CEO and publisher of the Meduza news website, was in Berlin. Access Now, which analyzed the device in collaboration with Citizen Lab, provides a rundown of the risks associated with this attack.
Malware distributor Storm-0324 facilitates ransomware access
Since July 2023, the Iran-linked threat actor tracked as Storm-0324 (which overlaps with the group known as Charming Kitten, TA543, and Mint Sandstorm) has been targeting Microsoft Teams users in a phishing campaign leading to ransomware deployment on enterprise networks. The campaign has been distributing the JSSLoader malware, which the FIN7 hackers leverage to execute ransomware.
China says NSA behind university attack
China blames the NSA for orchestrating an April 2022 cyberattack on the Northwestern Polytechnical University, which runs aeronautics, astronautics, and marine technology engineering programs. China’s National Computer Virus Emergency Response Center claims that the malware used in the attack was developed by the NSA and that it has identified the real identities of the hackers.
International Joint Commission ransomware attack
The International Joint Commission, a cross-border water management body overseeing projects impacting the rivers and lakes at the US-Canada border, has confirmed falling victim to a cyberattack after a ransomware gang boasted online about breaching the organization and stealing 80GB of data.
Rollbar data breach
Error tracking and debugging platform provider Rollbar is notifying users of a data breach impacting its data warehouse. The attackers searched for Bitcoin wallets and cloud credentials, and accessed usernames, email addresses, account names, project names and access tokens, environment names, and project service link configuration information.
Critical access bypass issue in Drupal
Drupal is urging users to update to Mail Login version 8.x-2.8, which addresses a critical access bypass issue. The module allows users to log in by email address with minimal configuration. The module did not replicate the flood control mechanism included in Drupal core, leaving its login path open to brute force attacks.
SlashNext details AI jailbreak strategies
SlashNext details strategies used to jailbreak AI systems, “evading the inherent safety measures and ethical guidelines” that chatbots such as ChatGPT follow, which could lead to “the creation of uncensored content without much consideration for the potential consequences”.
Europol cybercrime report
Europol has published its Cyber Attacks: The Apex of Crime-as-a-Service (PDF) report, which contains information on the criminal structures orchestrating cyberattacks and on how these hacking groups adapt their tactics to changes in geopolitics. While malware-based attacks, such as ransomware, are the most prominent threat, the number of DDoS attacks against EU organizations has been growing in the context of the Russia-Ukraine war, Europol says.
Stealing information over Wi-Fi without hacking
A group of academic researchers has demonstrated how sensitive information transmitted over Wi-Fi can be stolen without any hacking being involved. The proposed approach, dubbed WiKI-Eve, exploits beamforming feedback information (BFI), a new feature in the latest Wi-Fi hardware, which is transmitted between the device and the access point in cleartext.