SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Quickly hitting Enter key to hack an encrypted Linux computer
Researchers at Pulse Security discovered that an attacker who has physical access to an encrypted Linux system can gain local root access to the computer — bypassing full-disk encryption — by quickly hitting Enter on the keyboard or using a special device to simulate the process. These types of attacks are not new.
High-severity vulnerability patched in Chrome
A new Chrome 116 update patches a high-severity use-after-free vulnerability. These types of flaws can typically be combined with other bugs for sandbox escapes and remote code execution. The bug bounty for the vulnerability has yet to be determined by Google.
Google details Android fuzzing efforts
Google has published a blog post detailing its Android fuzzing efforts, including how it finds vulnerabilities, why it continues to invest in fuzzing, challenges, and how others can contribute.
Top-level domains and DNS issues
Cisco Talos has conducted research into top-level domains (TLDs) and DNS issues, highlighting potential risks related to the .kids TLD, ‘zombified’ DNS name issues related to various country TLDs, as well as problems with second-level TLDs.
Skype mobile app is leaking IP addresses
The Skype mobile application is leaking IP addresses, according to a report from 404 Media. A hacker can obtain a targeted user’s IP by sending them a link over Skype — the victim does not have to interact with the link. Microsoft has been notified, but the company is not rushing to patch it.
Rackspace says cost of ransomware attack remediation tops $10 million (so far)
After being hit by a ransomware attack in December 2022, cloud computing company Rackspace said in a recent earnings presentation that it has spent $10.8 million so far responding to the incident that impacted its hosted Exchange infrastructure, forcing it to sunset the offering. The company said it expects to continue to incur legal and other professional services costs in future periods.
University of Michigan cyberattack
The University of Michigan has been targeted in a cyberattack that resulted in significant disruptions to its systems, as well as internet outages. The university has not shared any information on the attack itself, citing an ongoing investigation.
CISA and FBI release QakBot infrastructure indicators of compromise (IOCs)
CISA and the FBI have released IoCs associated with the recently disrupted QakBot botnet infrastructure. The botnet was targeted as part of an international law enforcement operation that involved the distribution of a utility designed to automatically remove the malware from infected systems.
Classiscam cybercrime groups made millions by scamming users worldwide
Group-IB has a report on Classiscam, a scam operation that has allowed hundreds of cybercrime groups to make nearly $65 million by targeting individuals across 79 countries, tricking them into sending money for nonexistent goods sold online. An automated scam-as-a-service program has made it easier for scammers to conduct their activities.
Malwarebytes laying off 100 employees
Cybersecurity firm Malwarebytes has laid off 100 employees as it prepares to separate its consumer- and enterprise-focused business units. Last year, the company terminated 14% of its staff (roughly 125 people).