SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Cyberattack on news giant AFP
News giant Agence France-Presse (AFP) reported on September 28 that its IT systems were targeted in a cyberattack that affected part of its delivery service. The agency at the time had not determined who was behind the attack or why it was launched, and it has yet to provide any updates.
Meta Ray-Ban smart glasses can be used to instantly identify people
Two Harvard students have shown how Meta’s Ray-Ban smart glasses can be used to instantly identify people. They linked the video stream from the glasses to a facial recognition system and the results, including information such as name, phone number and address, are sent to a phone.
FCC issues $6 million fine over deepfake robocalls
The FCC has issued a fine of $6 million against a political consultant over illegal robocalls made using voice deepfakes of President Biden. The robocalls were telling people not to vote.
CISA says over 2,400 valid vulnerability reports received via VDP platform in 2023
CISA says more than 2,400 valid vulnerability reports were received in 2023 through its Vulnerability Disclosure Policy (VDP) platform, which is designed to help federal civilian executive branch agencies in identifying vulnerabilities in their systems.
NVD backlog still significant
NIST announced in late May that it was receiving outside help to get the National Vulnerability Database (NVD) back on track by the end of September. However, an analysis by VulnCheck shows that while the NVD backlog is not as bad as it was in May, 72% of the 18,000 issued CVEs have yet to be analyzed, compared to 93% in May.
ICS/OT OSINT guide for finding water systems on the internet
ICS/OT cybersecurity expert Sulaiman Alhasawi has published an OSINT guide for finding potentially vulnerable water systems on the internet. The guide, which leverages a tool called ICSRank, was released following a series of attacks against this sector. The guide is part of a series called OT Hunt.
Interpol announces crackdown on African cybercrime operations
Interpol has announced arrests as part of an international law enforcement operation targeting cybercriminals in Africa, specifically Ivory Coast and Nigeria. Eight individuals have been arrested over their alleged role in an operation that involved phishing and which resulted in millions of dollars in losses.
Meta tells court it should win WhatsApp case against NSO
Meta has asked a judge to award it a total win against NSO Group over discovery violations that make a fair trial impossible. The move is part of a years-long lawsuit regarding NSO spyware being used against WhatsApp users.
UK nuclear waste site fined for cybersecurity failings
UK’s largest nuclear waste site, Sellafield, has been fined £332,500 ($440,000) by the country’s Office for Nuclear Regulation (ONR) for cybersecurity failings. While the media reported that threat actors linked to Russia and China had hacked into Sellafield systems, the ONR said there was no indication that the organization was hacked or that public safety was compromised as a result of the identified vulnerabilities.
Related: In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks
Related: In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted
