
In Other News: Cloudflare Abuse, UK and EU Cybersecurity Reports, FBI Gen-AI Alert

Noteworthy stories that might have slipped under the radar: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud. 

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

Large US organization targeted by Chinese hackers

Symantec reported that a large US organization with a significant presence in China was hacked by threat actors likely based in China. The attackers had access to its network for four months and their likely goal was intelligence gathering. 

FBI warning on gen-AI used for financial fraud

The FBI this week issued an alert (PDF) on cybercriminals relying on generative artificial intelligence (gen-AI) to commit financial fraud at large scale. Using gen-AI, threat actors quickly generate believable text, fictitious social media profiles, images, audio, video, and other types of content that they then distribute for fraud and extortion, the FBI says.

Vodka maker files for bankruptcy in US after ransomware attack

Stoli USA, vodka maker Stoli Group’s US subsidiary, has filed for bankruptcy after its operations were significantly disrupted in an August 2024 ransomware attack that disabled the group’s enterprise resource planning (ERP) system. Originally from Russia, Stoli has been persecuted by the Moscow regime for supporting Ukraine. In July 2024, the group’s Russian subsidiaries were confiscated by the government, Stoli USA said in a regulatory filing.

UK and EU release cybersecurity reports

The UK’s National Cyber Security Centre (NCSC) has published its 2024 Annual Review report, which highlights the agency’s work and the threats faced by the country. Separately, the EU’s cybersecurity agency ENISA has published its first ever report on the state of cybersecurity in the European Union. The report also includes policy recommendations to address identified shortcomings and increase the EU’s level of cybersecurity. 

Open source trends and security challenges described in new Linux Foundation report

The Linux Foundation has published a new report on the use of free and open source software, highlighting several usage trends and security-related aspects, such as the increasing importance of securing individual developer accounts, and the persistence of legacy software. 

Cloudflare services abused for phishing, state-sponsored attacks

Separate reports published this week by Fortra and Recorded Future describe abuse of Cloudflare services. Fortra reported that the internet company’s pages.dev and workers.dev domains are increasingly abused for phishing. Recorded Future found that a Russian state-sponsored threat group named BlueAlpha has targeted Ukraine in attacks involving the use of Cloudflare Tunnels to conceal staging infrastructure used by its malware. 

WAF bypass impacts numerous Fortune 100 companies

Misconfigurations in popular web application firewall (WAF) services can allow threat actors to bypass protections and target web applications and load balancers, Zafran reports. Because modern WAF providers also act as content delivery network (CDN) providers, CDN services used as a WAF expose web applications to internet traffic, and improper validation of responses could result in backend applications being directly accessed over the internet. Akamai, Cloudflare, Fastly, Imperva and others are affected, and Zafran mapped 8,000 domains to 36,000 backend servers exposed to the internet.

New CISA resources

The US cybersecurity agency CISA this week released a new version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document, which describes a common data schema to ensure consistency across federal agencies, reduce threat surface, increase visibility, and improve response capabilities.

In partnership with government agencies from Five Eyes countries, CISA also announced an update to its Secure by Design guidance on choosing secure and verifiable technologies, which aims to help procuring organizations and makers of digital products and services to choose and build secure-by-design technologies.

Russian authorities confiscated programmer’s phone and returned it with spyware installed

First Department and Citizen Lab describe the case of a Russian programmer accused by Russian authorities of sending money to Ukraine. After attempting to recruit him as an FSB informant, the authorities returned his phone with spyware installed on it. The spyware resembles Monokle, which is developed by a Russian company.
