SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Google’s email verification for Workspace accounts bypassed by cybercriminals
Brian Krebs reported that Google recently fixed an authentication issue that allowed cybercriminals to bypass the email verification required to create a Google Workspace account. The attackers created accounts tied to domains they did not control and used them to access third-party services.
European Central Bank conducts cyber resilience stress test
The European Central Bank (ECB) has conducted a cyber resilience stress test whose goal was to see how banks would respond to and recover from a severe cybersecurity incident. Over 100 banks were tested. The ECB said that while banks typically have response and recovery frameworks in place, areas for improvement remain.
Privacy and security risks of location-based dating apps
KU Leuven researchers have analyzed 15 location-based dating apps and found serious privacy and security issues, including the exposure of personal information and precise location data. The list of tested applications includes Tinder, Grindr, Bumble, Hinge and OKCupid.
Bypassing Meta’s Llama PromptGuard
Robust Intelligence has analyzed Meta’s Llama AI model and the PromptGuard classifier designed to detect jailbreak attempts and prompt injections. The company has found a simple exploit that can be used to bypass PromptGuard. Meta is reportedly working on a fix.
Armexa launches Industrial Resiliency Integrated Solution (IRIS) operations platform
Industrial cybersecurity firm Armexa has launched its Industrial Resiliency Integrated Solution (IRIS) operations platform. The solution provides backup and recovery, patch management, endpoint security, remote access, and network management capabilities.
DDoS attacks would not prevent voting: CISA and FBI
CISA and the FBI have informed the public that while DDoS attacks aimed at election infrastructure may hinder access to information, they would not impact the security or integrity of voting. Hackers could “falsely claim that DDoS attacks are indicative of a compromise related to the elections process as they seek to undermine confidence in US elections,” the agencies said.
Mining giant Fresnillo targeted in cyberattack
Mining giant Fresnillo, one of the world’s largest silver and gold producers, was recently targeted in a cyberattack that resulted in the compromise of IT systems and data. It’s unclear if this was a ransomware attack.
Tenable reportedly exploring potential sale
Bloomberg has learned from people familiar with the matter that cybersecurity firm Tenable is exploring a potential sale after receiving takeover interest. However, talks are in early stages and there is no guarantee that a deal will be made. Tenable’s market value exceeds $5 billion.
Fraud platform responsible for 1.8 million scam calls shut down
The UK’s National Crime Agency has announced the shutdown of a platform used by criminals to make 1.8 million scam calls that resulted in losses totaling tens of millions. The platform, named Russian Coms, was established in 2021. Three individuals have been arrested as part of the law enforcement operation.