SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
SentinelOne ends Wiz collaboration following acquisition rumors
SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.
Hackers may be breaking into LastPass vaults compromised in data breach
Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.
Semiconductor company NXP discloses data breach
Dutch semiconductor designer and manufacturer NXP has disclosed a data breach affecting the email addresses of users who had registered an account on nxp.com but had not used it for at least 18 months. No other information was exposed, NXP said.
Data breach at golf equipment maker Callaway impacts one million people
Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer.
New report details how China is weaponizing software vulnerabilities
A new report from the Atlantic Council details how China is weaponizing software vulnerabilities, often leveraging the fact that entities are required by law to report flaws to the Ministry of Industry and Information Technology (MIIT) within 48 hours of their discovery.
Vulnerability in Mend.io application security platform
WithSecure has found and disclosed a vulnerability in a Mend.io platform designed to help software developers identify and address vulnerabilities in code libraries. An attacker could have accessed the data of other Mend.io users in the same SaaS environment, needing only a valid email address associated with the victim.
Flipper Zero used for targeting Apple devices via Bluetooth
A researcher has demonstrated how the Flipper Zero hacking device can be used to spam Apple phones and tablets via Bluetooth advertising packets. An attacker can use the method for pranks (get notifications to pop up on nearby devices), but the researcher has also promised to show how it can be leveraged for more malicious purposes.
MinIO vulnerabilities exploited for new cloud attack vector
Two vulnerabilities patched in March in the MinIO object storage suite have been exploited in what researchers described as a new vector for cloud attacks. In observed attacks, threat actors exploited CVE-2023-28434 and CVE-2023-28432 to replace the original MinIO executable with an evil version containing a backdoor.
Russian APT targets energy facility in Ukraine
Ukraine’s government computer emergency response team CERT-UA said it spotted an attack launched by Russian state-sponsored threat group APT28 against an energy facility in the country. CERT-UA’s report describes only the initial stages of the attack, and it’s unclear whether the attackers were trying to reach ICS and cause a power outage, as they have in the past.
Interesting dynamically seeded DGAs
Akamai researchers have analyzed the dynamically seeded domain generation algorithm (DGA) used by the Pushdo and Necurs botnets and observed interesting behaviors that suggest cybercriminals are trying to extend the lifespan of C&C channels and avoid detection.
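Because a dynamically seeded DGA does not use a fixed seed that defenders can pre-compute domain lists from, detection on the defender side also leans on lexical properties of the names a host queries. The following is an added illustration, not Akamai's code and not the Pushdo or Necurs algorithm: it scans constructed DNS query log lines (the hostnames and algorithm-looking domains are made up), scores each registrable label on entropy, vowel ratio, length and consonant runs, and reports hosts that repeatedly query DGA-like names. The log format, thresholds and signal names are assumptions chosen for the example.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (not from the article). The
# random-looking labels are made up to resemble DGA output.
SAMPLE_DNS_LOG = """\
2023-09-01T10:00:01Z host1 query A www.example.com
2023-09-01T10:00:02Z host1 query A mail.example.com
2023-09-01T10:00:03Z host2 query A xkqzvjwrtplmnbd.com
2023-09-01T10:00:04Z host2 query A qwpzxkvjrtmlbn.net
2023-09-01T10:00:05Z host3 query A login.microsoftonline.com
2023-09-01T10:00:06Z host2 query A dfzhqxwkvptrmn.biz
2023-09-01T10:00:07Z host3 query A cdn.jsdelivr.net
"""

# Assumed log layout: "<timestamp> <host> query <type> <qname>"
LOG_RE = re.compile(r"^\S+ (?P<host>\S+) query \S+ (?P<qname>\S+)$")
VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Naive second-level label; real tooling should use the public suffix list."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def max_consonant_run(label):
    """Longest run of consecutive consonants (digits and '-' break a run)."""
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_signals(label):
    """Return the list of lexical signals a label triggers (thresholds are assumptions)."""
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    signals = []
    if shannon_entropy(label) > 3.5:
        signals.append("high_entropy")
    if vowel_ratio < 0.25:
        signals.append("few_vowels")
    if len(label) >= 12:
        signals.append("long_label")
    if max_consonant_run(label) >= 4:
        signals.append("consonant_run")
    return signals


def flag_dga_queries(log_text, min_signals=3):
    """Parse log lines and return (host, qname, signals) for DGA-like queries."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        signals = dga_signals(registrable_label(m.group("qname")))
        if len(signals) >= min_signals:
            flagged.append((m.group("host"), m.group("qname"), signals))
    return flagged


def hosts_with_dga_activity(log_text, min_signals=3):
    """Count flagged queries per host; repeated hits are a stronger C&C indicator."""
    counts = Counter(host for host, _, _ in flag_dga_queries(log_text, min_signals))
    return dict(counts)


if __name__ == "__main__":
    for host, qname, signals in flag_dga_queries(SAMPLE_DNS_LOG):
        print(f"{host}\t{qname}\t{','.join(signals)}")
    print(hosts_with_dga_activity(SAMPLE_DNS_LOG))
```

On the constructed log the three made-up names all trigger every signal while the legitimate ones trigger at most one, so only host2 stands out. In practice a single lexical hit is weak evidence; the per-host count and the NXDOMAIN rate for those queries are what turn it into an alert worth investigating.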
W3LL phishing kit used to target corporate Microsoft 365 accounts
A custom phishing kit called W3LL Panel has been acquired by at least 500 threat actors and used to target over 56,000 corporate Microsoft 365 accounts, according to Group-IB. The cybersecurity firm estimates that the W3LL tool’s developers may have made $500,000 in the last 10 months.
TXOne Networks announces new Edge v2 engine
Industrial cybersecurity firm TXOne Networks has announced the second generation of its Edge engine. The Edge v2 engine enables network segmentation via automated rule generation and learning.