
In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap 

Noteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Keyboard typing sounds can expose sensitive user data

Researchers have detailed a new acoustic side-channel attack that involves the sounds made by the keyboard when the user is typing. By analyzing the sounds made by the keyboard and the user’s typing pattern in a realistic scenario, they showed how an attacker could obtain sensitive data such as passwords. During their experiments, the researchers achieved a success rate of 43%.

ICS attacks in the second half of 2023

Kaspersky has published a report on the ICS threat landscape in the second half of 2023. Roughly 31% of the ICS computers protected by the company were targeted, one of the smallest percentages recorded in the past several years.  


DHS AI roadmap

The US Department of Homeland Security has laid out its Artificial Intelligence Roadmap, detailing how AI technologies could help protect privacy and civil liberties and rights and deliver essential goods and services, and announced three pilot programs to assess the efficacy of AI. DHS will work with the private sector, federal agencies, and international partners to accelerate the development and deployment of AI solutions.

Ukraine arrests hackers trying to sell 100 million stolen accounts

Ukrainian police announced the arrest of three individuals involved in the theft of email and Instagram account credentials via brute-force attacks. The hackers are believed to have stolen the credentials for over 100 million user accounts, selling them to other cybercriminals on the dark web. Authorities seized computer equipment, phones, bank cards, and more than $3,000 in cash. 

Google describes threat model for post-quantum cryptography

Google has shared some details on its threat model for post-quantum cryptography, saying that the main risk from a cryptographically relevant quantum computer lies within a 10-15 year timeframe. The company expects significant improvements in this field by 2030.

Google offering rewards for AI-focused improvements to network scanner

Google is offering rewards ranging between $500 and $3,133.7 for contributions to its Tsunami network security scanner. Tsunami has an extensible plugin system for detecting severe vulnerabilities and the tech giant is seeking help for securing open source AI infrastructure via the scanner.

Zoom launches communications compliance solution

Zoom announced the launch of Zoom Compliance Manager, an offering that provides archiving, e-discovery, legal hold, and information protection capabilities to help organizations meet regulatory requirements and mitigate communications compliance risks across the platform.

I-Soon integrated operations platform analysis

Bishop Fox details the integrated operations platform of Chinese company I-Soon, a private contractor working with multiple Chinese government entities, including the Ministry of Public Security, Beijing’s top policing agency. The platform encompasses internal applications (for mission and resource management) and external applications (for cyber operations). At least two hacking groups are believed to act as I-Soon’s penetration teams.

Chinese hackers targeting defense contractors, government entities

Mandiant has observed the Chinese hacking group tracked as UNC5174 exploiting F5 BIG-IP and ConnectWise ScreenConnect vulnerabilities (CVE-2023-46747 and CVE-2024-1709) in attacks targeting US defense contractor appliances, UK government entities, and various institutions. Likely affiliated with China’s Ministry of State Security (MSS), UNC5174 was also linked to Chinese hacktivist collectives.

Zephyr OS vulnerability

A vulnerability in the real-time operating system Zephyr OS renders protections against IP address spoofing attacks useless. Tracked as CVE-2023-7060 (CVSS score of 8.6), the issue exists because Zephyr OS “does not drop IP packets arriving from an external interface with a source address equal to the localhost or the destination address” and opens the door to DoS attacks. Zephyr OS versions 3.5, 3.4, 2.7, and all other releases supporting IPv6 or IPv4 are vulnerable.
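
The ingress check that the quoted description says is missing can be sketched as follows. This is an added example, not Zephyr's code or its fix: `pkt_meta`, `iface_kind` and `ingress_should_drop` are hypothetical names, and the sample addresses are constructed from documentation ranges.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this example; not Zephyr's network stack structures. */
enum iface_kind { IFACE_LOOPBACK, IFACE_EXTERNAL };

struct pkt_meta {
    enum iface_kind iface; /* interface the packet arrived on */
    uint8_t family;        /* 4 or 6 */
    uint8_t src[16];       /* IPv4 uses the first 4 bytes */
    uint8_t dst[16];
};

static bool is_loopback(uint8_t family, const uint8_t *a)
{
    static const uint8_t v6_lo[16] = { [15] = 1 };   /* ::1 */
    if (family == 4)
        return a[0] == 127;                          /* 127.0.0.0/8 */
    return memcmp(a, v6_lo, sizeof(v6_lo)) == 0;
}

/* Returns true when the packet must be dropped at ingress. */
bool ingress_should_drop(const struct pkt_meta *p)
{
    if (p->family != 4 && p->family != 6)
        return true;                     /* unknown family: fail closed */
    if (p->iface != IFACE_EXTERNAL)
        return false;                    /* rule only applies to external interfaces */
    if (is_loopback(p->family, p->src))
        return true;                     /* spoofed localhost source */
    size_t len = (p->family == 4) ? 4 : 16;
    return memcmp(p->src, p->dst, len) == 0;   /* source equals destination */
}

int main(void)
{
    /* Constructed sample packets (documentation address ranges). */
    struct pkt_meta spoofed = { IFACE_EXTERNAL, 4, {127, 0, 0, 1}, {192, 0, 2, 10} };
    struct pkt_meta same    = { IFACE_EXTERNAL, 4, {192, 0, 2, 10}, {192, 0, 2, 10} };
    struct pkt_meta normal  = { IFACE_EXTERNAL, 4, {198, 51, 100, 7}, {192, 0, 2, 10} };
    printf("spoofed=%d same=%d normal=%d\n", ingress_should_drop(&spoofed),
           ingress_should_drop(&same), ingress_should_drop(&normal));
    return 0;
}
```

The check runs before any protocol handler sees the packet, so services that trust a localhost source never receive externally supplied traffic claiming that address.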

DHCP administrators can take over Windows domains

Akamai has discovered that the DHCP administrators group in Active Directory (AD) environments can be leveraged to escalate privileges if a DHCP server role is installed on a domain controller. The attack technique abuses a legitimate feature: by modifying DHCP options, an attacker logged in as a DHCP administrator can make a DHCP server authenticate to their machine, mount a Kerberos relay attack to gain code execution on the DHCP server, and “compromise the entire domain by taking over the DC machine account”.


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
