SecurityWeek

In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack

Summary of notable cybersecurity news stories that may not be top headlines, but are important, for the week of October 16, 2023.

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Tech CEO sentenced to prison for wire fraud

Micfo LLC CEO Amir Golestan has been sentenced to five years in prison for using a network of shell companies to deceive ARIN and obtain the rights to more than 735,000 IP addresses, with an estimated value between $10 million and $14 million. The “sentence sends an important message of deterrence to other parties contemplating fraudulent schemes to obtain or transfer Internet resources”, ARIN said.

Energy industry services firm hacked 

Weymouth, Massachusetts-based BHI Energy has revealed that the PII and PHI of more than 91,000 individuals was exposed in a June 2023 cyber incident. Compromised data includes names, addresses, dates of birth, Social Security numbers, and potential medical and claims information related to the company’s health plan. BHI provides services and staffing solutions to the industrial, oil & gas, and power generation markets.

Eastern European charged, extradited to US for selling computer credentials

Sandu Diaconu, 31, of Moldova, has been charged in the US for operating an online portal for selling stolen credentials, the E-Root Marketplace. Authorities believe that more than 350,000 credentials for RDP and SSH access were listed for sale on the marketplace. Diaconu, who was extradited from the UK, faces up to 20 years in prison for computer fraud, wire fraud, and money laundering conspiracy.

Indian national pleads guilty in US court to computer-hacking scheme

Sukhdev Vaid, 24, of India, has pleaded guilty in a US court to participating in a computer-hacking scheme to steal $150,000 from a 73-year-old US woman. Vaid and co-conspirators hacked her computer, made it look as if it was infected with malware, and directed her to call a number for customer support, where she was instructed to withdraw money from her bank account and give it to the fraudsters for safekeeping. Co-conspirator Eddly Joseph pleaded guilty to the scheme in August.

Admin credential leak flaw in Synology NAS DSM

A weak random number generator in Synology’s DiskStation Manager (DSM) platform running on its NAS products allowed attackers to reconstruct the administrator password and take over the admin account, Claroty reports. The vulnerability, tracked as CVE-2023-2729, will not be addressed on certain SRM versions. 

Amazon passkey implementation leaves room for improvement

Tech startup Corbado analyzes Amazon’s implementation of passkeys across devices and browsers, flagging issues leading to domain redirection, user confusion, and unnecessary verification steps. The firm also finds the implementation lacking features such as Conditional UI and native app support. 

X (formerly Twitter) glitch leads to CIA channel hijack

A bug on the CIA’s account on X (formerly Twitter) has allowed a security researcher to redirect potential contacts to a different domain than CIA’s official Telegram channel for informants, BBC reports. The link, added to CIA’s X account recently, was truncated by the social media platform in a manner that led to an unused Telegram username, which the researcher registered. Anyone clicking the link on X would then land on the researcher’s channel.

‘Admin’ still the most popular password

An analysis of more than 1.8 million passwords shows that ‘admin’ remains the most popular, CTEM solutions provider Outpost24 says. Default passwords are still widely accepted and IT administrators prove as predictable when selecting a password as end-users are, despite an industry push to stronger passwords.

Cybercriminals targeting plastic surgery

The FBI warns (PDF) of the increased interest that cybercriminals are showing in plastic surgery offices and patients to steal PII and sensitive medical records, and to extort victims. Using phishing, the attackers deploy malware to plastic surgery offices, harvest the data of plastic surgery patients, and then contact doctors and victims to pressure them into making extortion payments. 

Eastern European industrial companies targeted with updated MATA malware

Spear-phishing emails targeting industrial companies in Eastern Europe were seen deploying new malware belonging to the MATA cluster, which was previously associated with North Korea-linked hacking group Lazarus, Kaspersky reports (PDF). The attacks used new versions of MATA (such as MataDoor and a Linux variant), USB drives to infect air-gapped networks, information stealers, and security bypass tools. 

Attackers infect secure USB drives at APAC governments

As part of a long-running campaign, a highly-skilled threat actor has been observed infecting secure USB drives at government organizations in the APAC region. The infected drives allowed the attackers to infect air-gapped systems, execute commands, and harvest information that was passed to other machines using the same USB drives as a carrier. 
