CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying

Noteworthy stories that might have slipped under the radar: EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying. 

Cybersecurity News tidbits

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

Student charged for hacking shipping company

A University of Miami student has been charged for hacking into employee accounts at a shipping and supply chain management company as part of a $3.5 million fraud scheme. The fraudsters bought high-end electronics, jewelry, designer clothing, and accessories from retailers and then used their access to the shipping firm’s systems to enter fraudulent tracking information and claim full refunds while keeping the merchandise. 

US offering big rewards for Iranian cyber actors

The US State Department has made two announcements, each offering rewards of up to $10 million for information on Iranian cyber actors. Some of them are accused of interfering in US elections, while others are said to have targeted critical infrastructure and compromised hundreds of computer networks. 

Advertisement. Scroll to continue reading.

New Google Play banner highlights independent security validation of apps

Google has announced a new banner for Google Play applications that have undergone independent security testing. For now, the banner is available for VPN applications, indicating to users that the app meets industry mobile security and privacy minimum best practices. 

CISA guidance for Vulnerability Exploitability eXchange (VEX) information

CISA has published guidance on when organizations should issue Vulnerability Exploitability eXchange (VEX) information, which allows developers, suppliers and others to share information about vulnerabilities. The goal is to make it easier for others to make their own assessment of the risks associated with a vulnerability. 

Critical QNAP product vulnerabilities

QNAP has published four security advisories to inform customers about vulnerabilities found in its products, including critical QTS, QuTS and Multimedia Console flaws that can be exploited for remote code execution.  

Zephyr RTOS vulnerabilities

A researcher has discovered a dozen vulnerabilities in the Linux Foundation-sponsored Zephyr real-time operating system (RTOS). The flaws can be exploited for DoS attacks, arbitrary code execution and other purposes. 

Evolution of Chinese state-sponsored cyber operations

Recorded Future has published a report on the evolution of Chinese state-sponsored cyber operations, highlighting a shift “from broad intellectual property theft to a more targeted approach supporting specific strategic, economic, and geopolitical goals”.

SolarWinds responds to SEC charges

SolarWinds has responded to the recent charges announced by the SEC against the company and its CISO over its cybersecurity practices leading up to the massive breach. SolarWinds has described the SEC’s lawsuit as “fundamentally flawed” and has shared some information in an effort to set the record straight on some allegedly false claims. 

New EU regulation enables government surveillance 

The EFF has issued a warning over a new EU regulation called eIDAS 2.0. Article 45 in the new regulation would forbid browsers from enforcing certain security requirements on government-appointed CAs, allowing governments to intercept HTTPS communications in the EU and beyond. Major tech companies have raised concerns about the new regulation. 

SentinelOne acquires Krebs Stamos Group and launches new unit

SentinelOne has acquired the Krebs Stamos Group, a company founded by former CISA director Chris Krebs and former Facebook and Yahoo security chief Alex Stamos. Krebs and Stamos will lead PinnacleOne, a new strategic risk analysis and advisory group launched by SentinelOne. 

Related: In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

Related: In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.


Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.


On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...