
In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Threat actor creates fake Cado Security domain and X account

Cado Security discovered recently that a threat actor had registered a typosquatted domain name targeting the company. The domain pointed to Cado’s legitimate website at the time of discovery, which suggests the hackers may have been preparing for a phishing attack. The attackers also created a fake Cado Security account on the social media platform X, for which they even acquired a gold checkmark. An analysis by Cado showed that several tech companies were targeted in a similar fashion by the same threat actor. 

NGate Android malware helps crooks steal cash from ATMs

ESET has discovered a piece of Android malware, named NGate, that appears to have been used by crooks to withdraw cash at ATMs from victims’ bank accounts. The malware, distributed to people in Czechia via malicious websites claiming to offer banking apps, captured NFC data from victims’ physical payment cards and relayed it to the attacker, who could then use it to withdraw money or make payments at contactless terminals. The cybercrime operation appears to have been paused following the arrest of a suspect.


QNAP improves product security in response to ransomware attacks

QNAP has added new security features to its QTS operating system for network-attached storage (NAS) products in an effort to prevent ransomware and other attacks. It’s not uncommon for QNAP NAS devices to be targeted by ransomware. The new Security Center actively monitors file activities and implements protective measures such as blocking and backups when suspicious behavior is detected. The company has also added support for TCG-Ruby self-encrypting drives (SED).

FlightAware exposed customer data

Flight tracking service FlightAware has informed customers that they need to reset their passwords after the company discovered that it had been exposing their information since 2021 due to a “configuration error”. Exposed information can include, depending on what the user has provided, names, IDs, passwords, social media accounts, email addresses, physical addresses, IPs, phone numbers, dates of birth, partial payment card information, and even Social Security numbers. 

FAA improving cyber rules for airplanes

The US Federal Aviation Administration (FAA) is requesting public comment on proposed rules for new design standards to address cybersecurity threats to airplanes. The main goal of the new rules is to harmonize and standardize cybersecurity certification criteria.

GreenCharlie: Iranian hackers targeting US political entities with malware and phishing

Recorded Future has a report detailing the activities and infrastructure of GreenCharlie, an Iran-linked threat group that has targeted US political and government entities with sophisticated phishing attacks and malware.

Microsoft Entra ID vulnerability

Cymulate has described a vulnerability affecting Microsoft Entra ID (formerly Azure AD) and potentially allowing unauthorized access. However, local admin privileges are needed to exploit the weakness. Microsoft does plan on addressing the issue, but it does not view it as an urgent vulnerability, according to Cymulate. 

Data exfiltration via Slack AI 

Prompt Armor has detailed an attack method that involves abusing Slack AI to exfiltrate data from private channels. In one version of the attack, the attacker needs access to the targeted entity’s Slack environment, but some recently introduced features may enable attacks without Slack access. Slack has been notified, but it has determined that no action is warranted.

North Korea’s MoonPeak malware

Cisco Talos has analyzed new infrastructure used by a North Korean threat actor following the discovery of a piece of malware named MoonPeak. MoonPeak, a RAT based on the open source XenoRAT malware, is being actively developed. 
