SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Threat actor creates fake Cado Security domain and X account
Cado Security discovered recently that a threat actor had registered a typosquatted domain name targeting the company. The domain pointed to Cado’s legitimate website at the time of discovery, which suggests the hackers may have been preparing for a phishing attack. The attackers also created a fake Cado Security account on the social media platform X, for which they even acquired a gold checkmark. An analysis by Cado showed that several tech companies were targeted in a similar fashion by the same threat actor.
NGate Android malware helps crooks steal cash from ATMs
ESET has discovered an Android malware, named NGate, that appears to have been used by crooks to withdraw cash at ATMs from victims’ bank accounts. The malware, distributed to people in Czechia via malicious websites claiming to offer banking apps, captured NFC data from victims’ physical payment cards and relayed it to the attacker, who could then use it to withdraw money or make payments at contactless terminals. The cybercrime operation appears to have been paused following the arrest of a suspect.
QNAP improves product security in response to ransomware attacks
QNAP has added new security features to its QTS operating system for network-attached storage (NAS) products in an effort to prevent ransomware and other attacks. It’s not uncommon for QNAP NAS devices to be targeted by ransomware. The new Security Center actively monitors file activities and implements protective measures such as blocking and backups when suspicious behavior is detected. The company has also added support for TCG-Ruby self-encrypting drives (SED).
FlightAware exposed customer data
Flight tracking service FlightAware has informed customers that they need to reset their passwords after the company discovered that it had been exposing their information since 2021 due to a “configuration error”. Exposed information can include, depending on what the user has provided, names, IDs, passwords, social media accounts, email addresses, physical addresses, IPs, phone numbers, dates of birth, partial payment card information, and even Social Security numbers.
FAA improving cyber rules for airplanes
The US Federal Aviation Administration (FAA) is requesting public comment on proposed rules for new design standards to address cybersecurity threats to airplanes. The main goal of the new rules is to harmonize and standardize cybersecurity certification criteria.
GreenCharlie: Iranian hackers targeting US political entities with malware and phishing
Recorded Future has published a report detailing the activities and infrastructure of GreenCharlie, an Iran-linked threat group that has targeted US political and government entities with sophisticated phishing attacks and malware.
Microsoft Entra ID vulnerability
Cymulate has described a vulnerability affecting Microsoft Entra ID (formerly Azure AD) and potentially allowing unauthorized access. However, local admin privileges are needed to exploit the weakness. Microsoft does plan on addressing the issue, but it does not view it as an urgent vulnerability, according to Cymulate.
Data exfiltration via Slack AI
Prompt Armor has detailed an attack method that involves abusing Slack AI to exfiltrate data from private channels. In one version of the attack, the attacker needs access to the targeted entity’s Slack environment, but some recently introduced features may enable attacks without Slack access. Slack has been notified, but it has determined that no action is warranted.
North Korea’s MoonPeak malware
Cisco Talos has analyzed new infrastructure used by a North Korean threat actor following the discovery of a piece of malware named MoonPeak. MoonPeak, a RAT based on the open-source XenoRAT malware, is being actively developed.