Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved

Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

Amnesty investigation into spyware in Indonesia

Amnesty International has teamed up with several organizations to conduct research into the sale and deployment of spyware and other surveillance technologies in Indonesia. The spyware was reportedly sourced from Israel, Greece, Singapore and Malaysia between 2017 and 2023, and includes technologies from NSO-linked Q Cyber, Intellexa, Saito (Candiru), FinFisher and Wintego. 

Israeli private investigator arrested over hack-for-hire scheme

An Israeli private investigator wanted by the United States for his alleged role in a hack-for-hire scheme was arrested in London, but the initial attempt to extradite him failed due to a legal technicality. The man is accused of carrying out a cyberespionage campaign on behalf of an unidentified American public relations firm. 

Advertisement. Scroll to continue reading.

Citrix Netscaler vulnerability nearly identical to Citrix Bleed

Bishop Fox has disclosed the details of a Citrix Netscaler ADC and Gateway vulnerability that can be exploited without authentication to remotely obtain sensitive information from an appliance. The flaw is nearly identical to the Citrix Bleed vulnerability, but it’s less likely to return highly sensitive information to an attacker. Version 13.1-51.15 and later are not affected.  

VMware advisories moved to Broadcom support portal

The location of VMware security advisories has changed — they are now available on the Broadcom Support Portal. Some members of the cybersecurity industry complained that they are now only available to logged-in users, but VMware has clarified that they can still be viewed without authentication.

Apple patches iTunes vulnerability 

Apple has released iTunes 12.13.2 for Windows 10 and later to address CVE-2024-27793, a vulnerability that can be triggered by getting the targeted user to parse a specially crafted file. Exploitation can lead to unexpected app termination or arbitrary code execution.

DocGo data breach

DocGo, a healthcare provider that offers mobile health and ambulance services, has informed the SEC that a threat actor obtained data from its systems. The company’s investigation so far has shown that only a limited number of healthcare records within its ambulance transportation business were compromised. DocGo said no other business lines were impacted. 

New EU cyber rules for electricity providers

The Wall Street Journal reported that electricity providers in the European Union will soon have to perform cybersecurity risk assessments for regulators and disclose incidents. The goal is to prevent hacker attacks from causing blackouts in multiple countries.

European Parliament data breach 

As part of preparations made for the upcoming elections, the European Parliament discovered recently that an external recruitment application was breached in early 2024. The compromised application stored sensitive information related to roughly 8,000 candidates for temporary positions. The origin of the attack remains unknown.

2024 report on the cybersecurity posture of the United States 

The White House this week announced the Office of the National Cyber Director’s 2024 Report on the Cybersecurity Posture of the United States, a first-of-its-kind report that provides updates on how the nation is addressing cyberspace challenges and opportunities. 

Kaspersky accused of helping develop AI for Russian spy drones

InformNapalm, an outfit that claims to ‘expose secrets of the Russian hybrid war’, has accused cybersecurity firm Kaspersky of working with another Russian company on developing AI that Russia is using for spy drones deployed in Ukraine. In response, Kaspersky said it only worked with the company at a lab level rather than on a final product, and described InformNapalm’s article as containing factual inaccuracies and speculations. 

Secure by design guidance on choosing secure and verifiable technologies

Cybersecurity agencies in the US, Canada, UK, Australia and New Zealand have released joint Secure by Design guidance on choosing secure and verifiable technologies. The guidance aims to provide organizations with secure by design considerations when procuring digital products and services. 

Related: In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO

Related: In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights