SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Nozomi OT/IoT security report shows surge in malware and access control issues
Nozomi Networks’ OT & IoT Security Report for the first half of 2023 reveals that malware-related security threats have increased roughly ten times, and so have access control and authorization issues. Authentication and password issues, OT-specific threats, and suspicious network behavior have dropped in H1 2023.
Schneider Electric launches Managed Security Services for OT
Schneider Electric has launched a vendor-agnostic Managed Security Services (MSS) offering designed to help operational technology (OT) organizations address the risks associated with remote access and connectivity technologies. The offering is powered by Schneider’s Cybersecurity Connected Service Hub (CCSH) and provides monitoring and response capabilities.
Early-stage cybersecurity funding rebounds
DataTribe’s latest cybersecurity funding report shows that deal volume for early-stage companies started to rebound in the second quarter of 2023. Seed, Series A and Series B deal volume increased by 47% compared to the first quarter.
Cybersecurity for large sporting events
The fifth installment of Microsoft’s Cyber Signals report provides an overview of the cyber risks associated with large sporting events, along with recommendations on how sports associations, teams, and venues can safeguard against cybersecurity threats, starting with the implementation of a multilayered security framework. Microsoft says it performed over 634 million authentications when providing cybersecurity defenses in Qatar during the FIFA World Cup in 2022.
Abusing the SSM agent as a remote access trojan
Mitiga warns of a new post-exploitation technique in AWS in which the Systems Manager (SSM) agent, a legitimate tool that admins use to manage instances, is turned into a remote access trojan (RAT) that lets an attacker control Linux and Windows machines from another AWS account. Because the traffic goes through a trusted AWS service rather than a custom implant, the agent may allow threat actors "to carry out malicious activities on an ongoing basis".
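A host-side check a responder might run after reading the item above, written here as an added example and not Mitiga's code. It assumes (none of this is stated in the article) that on Linux the agent stores a hybrid-activation registration at /var/lib/amazon/ssm/registration as JSON with "ManagedInstanceID" and "Region" fields, that a normal EC2 instance uses its own instance identity and has no such file, and that hybrid-activation IDs start with "mi-" while EC2 instance IDs start with "i-". The registration document below is constructed; on a real host the instance ID and region would come from the instance metadata service.

```python
"""
Check whether an SSM agent on an EC2 host has been re-registered as a
hybrid-activation "managed instance", which is how an agent ends up being
controlled from another AWS account. Added example; the file path, file
format and ID prefixes are assumptions, not facts from the article.
"""
import json
from pathlib import Path
from typing import Union

REGISTRATION_PATH = Path("/var/lib/amazon/ssm/registration")  # assumed default Linux path


def analyze_registration(registration_json: str, host_instance_id: str, host_region: str) -> dict:
    """Compare an agent registration document with what the host itself reports.

    host_instance_id and host_region are passed in (instead of being read
    from the instance metadata service) so the check runs offline.
    """
    reg = json.loads(registration_json)
    managed_id = reg.get("ManagedInstanceID", "")
    reg_region = reg.get("Region", "")
    findings = []

    if managed_id.startswith("mi-"):
        # "mi-" IDs are issued by ssm:CreateActivation (hybrid activation).
        # An EC2 host should be talking to SSM as its own "i-" identity, so a
        # hybrid registration here means the agent's control plane was
        # re-pointed, possibly at an account that is not ours.
        findings.append("hybrid-activation ID on an EC2 host: agent registered via CreateActivation")
    if reg_region and reg_region != host_region:
        # The agent reports to SSM in a region the workload does not use.
        findings.append(f"agent registered in {reg_region}, host runs in {host_region}")

    return {
        "managed_instance_id": managed_id or host_instance_id,
        "registered_region": reg_region or host_region,
        "suspicious": bool(findings),
        "findings": findings,
    }


def check_host(path: Union[str, Path], host_instance_id: str, host_region: str) -> dict:
    """Read the registration file if present; no file is the expected EC2 state."""
    path = Path(path)
    if not path.exists():
        return {
            "managed_instance_id": host_instance_id,
            "registered_region": host_region,
            "suspicious": False,
            "findings": [],
        }
    return analyze_registration(path.read_text(), host_instance_id, host_region)


# Constructed sample of what a hijacked agent's registration might look like.
SAMPLE_HIJACKED = json.dumps({
    "ManagedInstanceID": "mi-0123456789abcdef0",
    "Region": "us-east-1",
})

if __name__ == "__main__":
    result = analyze_registration(SAMPLE_HIJACKED, "i-0abc123def4567890", "eu-west-1")
    for line in result["findings"]:
        print("ALERT:", line)
    print(json.dumps(check_host(REGISTRATION_PATH, "i-0abc123def4567890", "eu-west-1"), indent=2))
```

Run it on the instance itself (it needs read access to the SSM state directory); a region mismatch alone is weak evidence, but an "mi-" registration on a machine that is plainly an EC2 instance deserves a look at who owns the activation.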
Authorities on alert over extremists’ use of Flipper Zero hacking tool
Local authorities in major US cities have been put on alert over the potential use of the Flipper Zero hacking tool by racially and ethnically motivated violent extremists (REMVEs). The tool can be used to hack radio protocols and access control systems, to clone RFID cards, and to bypass the security of electronic safes.
New Azure Active Directory attack vector
Vectra details a new attack vector against Azure Active Directory that could allow attackers to move laterally from a compromised tenant to other Microsoft tenants. The technique targets Cross-Tenant Synchronization, a recently introduced Azure AD feature that lets organizations synchronize users and groups between tenants that have been configured as partners. Vectra has published a proof-of-concept (PoC) exploit.
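A configuration audit that follows from the item above, written here as an added example and not Vectra's PoC. It flags partner tenants that are allowed to push identities into your tenant, and partners you never approved. The input is assumed (not stated in the article) to be shaped like the Microsoft Graph response to GET /policies/crossTenantAccessPolicy/partners with identitySynchronization expanded; the partner document, the tenant IDs and the APPROVED_PARTNERS allow-list are all constructed.

```python
"""
Audit Cross-Tenant Synchronization partner settings for a tenant. Added
example; the response shape and the allow-list are assumptions.
"""
import json

# Hypothetical allow-list of tenants the organisation has deliberately
# federated with; any other partner entry is a finding on its own.
APPROVED_PARTNERS = {"11111111-1111-1111-1111-111111111111"}


def audit_partners(partners_json: str, approved: set) -> list:
    """Return one finding per partner whose settings let it create identities here."""
    doc = json.loads(partners_json)
    findings = []
    for partner in doc.get("value", []):
        tenant_id = partner.get("tenantId", "")
        consent = partner.get("automaticUserConsentSettings") or {}
        inbound = (partner.get("identitySynchronization") or {}).get("userSyncInbound") or {}
        reasons = []
        if tenant_id not in approved:
            reasons.append("partner tenant is not on the approved list")
        if inbound.get("isSyncAllowed"):
            # The partner tenant may create and update users in this tenant.
            reasons.append("inbound user sync allowed")
        if consent.get("inboundAllowed"):
            # Synced users are accepted without anyone in this tenant
            # redeeming an invitation, so the sync needs no user interaction.
            reasons.append("automatic inbound consent enabled")
        if reasons:
            findings.append({"tenantId": tenant_id, "reasons": reasons})
    return findings


# Constructed sample: one approved partner with sync pointing outward only,
# and one unknown partner that can sync users in with automatic consent.
SAMPLE_PARTNERS = json.dumps({"value": [
    {
        "tenantId": "11111111-1111-1111-1111-111111111111",
        "automaticUserConsentSettings": {"inboundAllowed": False, "outboundAllowed": True},
        "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": False}},
    },
    {
        "tenantId": "22222222-2222-2222-2222-222222222222",
        "automaticUserConsentSettings": {"inboundAllowed": True, "outboundAllowed": False},
        "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": True}},
    },
]})

if __name__ == "__main__":
    for finding in audit_partners(SAMPLE_PARTNERS, APPROVED_PARTNERS):
        print(finding["tenantId"], "->", "; ".join(finding["reasons"]))
```

The audit only covers the inbound side of your own tenant; whether an attacker who already holds your tenant can sync users outward into a partner is decided by that partner's configuration, so the same check has to be run by every tenant in the relationship.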
Google Cloud Threat Horizons Report
Google has released the August 2023 Threat Horizons report (PDF) that provides intelligence about threats to cloud enterprise users and recommendations on how service providers and organizations can improve cloud security.
VMware patches two vulnerabilities in Horizon Server
VMware announced patches for two medium-severity vulnerabilities in Horizon Server that could allow attackers to perform HTTP request smuggling (CVE-2023-34037) and to access information about the internal network configuration (CVE-2023-34038). Neither flaw appears to have been exploited in attacks.
BeyondTrust command injection vulnerability
BeyondTrust recently informed customers that it was working on patches for a command injection vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 that could allow an unauthenticated remote attacker to execute OS commands. The issue reportedly has the maximum severity rating (CVSS score of 10).