In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams 

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Netherlands says Chinese cyberspies hacked 20,000 Fortinet devices

Dutch government agencies said a Chinese cyberespionage campaign exploited a Fortinet product vulnerability tracked as CVE-2022-42475 to hack at least 20,000 systems. The flaw was patched in December 2022, but it had been exploited as a zero-day before a fix was released. The Dutch agencies have now said that the campaign was much larger than previously believed. 

White House initiative aims to improve security of rural hospital systems

The White House has announced a new initiative whose goal is to enhance the security and resilience of rural hospital systems. Under the project, Microsoft is offering free and discounted security products and assessments, while Google is providing free endpoint security advice, along with discounted pricing for communication and collaboration tools and security support. Google will also launch a pilot program with rural hospitals to develop a tailored security offering.

Vulnerabilities in popular biometric access system

Kaspersky researchers have uncovered two dozen vulnerabilities in ZKTeco biometric access systems, including flaws that can be exploited to gain unauthorized access, steal biometric data, remotely manipulate devices, and plant backdoors. The security firm reported its findings to the vendor, but it’s unclear if patches have been released. 

Overview of ICS malware Fuxnet

Industrial cybersecurity firm Dragos has released a brief report on Fuxnet, a piece of ICS malware that was reportedly used recently to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm. 

EU law enforcement report on balancing privacy and security

EU law enforcement has published a report that calls for finding an equilibrium between privacy and security. Governments have long sought to convince the tech industry to find a way to implement backdoors in encrypted communications, but experts say it’s impossible to ensure that the backdoors would only be used for lawful purposes. The new report from the EU Innovation Hub for Internal Security continues to push for encryption backdoors. European Police Chiefs recently called for industry and governments to take action against the rollout of end-to-end encryption.

PoC released for Ivanti EPM vulnerability

Horizon3.ai has released technical details and a proof-of-concept (PoC) exploit for a recently patched Ivanti EPM vulnerability that can allow remote code execution.

Phone scammers impersonating CISA employees

The US cybersecurity agency CISA has warned the public that phone scammers are impersonating its employees. The agency has reminded people that it will never contact anyone to request money, cryptocurrency or gift cards.

Complaint against Google over user tracking

Austrian privacy group NOYB has filed a complaint with local data protection authorities against Google over the tech giant’s tracking of Chrome users. NOYB says Google’s Privacy Sandbox is advertised as a tool that combats invasive third-party tracking, but in reality the company is using it to trick users into accepting first-party ad tracking.

Cybersecurity work will factor into Microsoft employee pay

Microsoft will evaluate its employees’ cybersecurity work in reviews that will factor into their compensation. Specifically, one-third of the ‘individual performance’ portion of their bonus will depend on a review of their cybersecurity contributions. These changes come following a scathing report from the US government’s Cyber Safety Review Board (CSRB). 

32,000 cybersecurity incidents reported by federal agencies in 2023

An annual FISMA report made public this week by the White House shows that US federal agencies reported a total of 32,211 cybersecurity incidents in fiscal year 2023, which represents an increase of nearly 10% compared to the previous year. 
