In Other News: Law Firm Hacked by China, Symantec Flaw, Meta AI Hack, FIDO Key Bypass

Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency thieves attempting to bypass FIDO keys. 

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Hack of powerful US law firm linked to China

Wiley Rein, a Washington DC law firm that serves major companies and the government, is telling clients that the Microsoft 365 email accounts of attorneys and advisers were hacked by what appears to be a Chinese state-sponsored threat actor, CNN reported. The hackers’ goal seems to have been intelligence gathering.

Italian police target Diskstation ransomware group

Italian police announced this week that they have identified the members of a ransomware group named Diskstation, which demanded a ransom after encrypting data on victims’ Synology NAS devices. Several Romanian nationals are believed to have taken part in the operation, including a 44-year-old who is suspected of leading the cybercriminal activities. 

Microsoft using Chinese engineers to maintain Defense Department systems

A ProPublica investigation has revealed that Microsoft has been using Chinese engineers to help maintain US Department of Defense systems, which could expose sensitive data to the Chinese government. The work of the foreign engineers, who include other nationalities in addition to Chinese, is supervised by so-called ‘digital escorts’, who have the necessary security clearances. These escorts should prevent espionage and sabotage, but ProPublica reported that they may not have the skills needed to identify malicious code.

Symantec vulnerability allows remote code execution

Researchers at LRQA have discovered a critical vulnerability in Broadcom’s Symantec Endpoint Management solution, specifically the Altiris Inventory Rule Management (IRM) component. The flaw can allow a remote, unauthenticated attacker who has access to the targeted endpoint to execute arbitrary code. The vulnerability has been patched. 

UK retailer Co-op says 6.5 million members had data stolen in cyberattack

The chief executive of Co-op admitted on a BBC show that all of the British retailer’s 6.5 million members had their data stolen in the recent cyberattack. The compromised information included names, addresses, and contact information. Four individuals were recently arrested in the UK over the hacker attacks on Co-op and other local retailers. 

Meta paid out $10,000 bug bounty for AI hack

Sandeep Hodkasia of security testing firm AppSecure received a $10,000 bug bounty from Meta for a vulnerability in the Meta AI chatbot that enabled him to see what other users had asked the chatbot and the responses they had received, TechCrunch reported. Meta said it had found no evidence of malicious exploitation. 

HP study finds many IT teams fail to patch printers

A study conducted by HP Wolf Security found that only 36% of IT teams patch printer firmware. A survey of 800 IT and security decision-makers showed that procurement, IT and security teams work together to define printer security standards in only 38% of cases, and that IT and security teams are not involved in vendor presentations in more than 40% of cases. More than half of decision-makers said they cannot confirm a printer has not been tampered with in the supply chain once it arrives.

Lawmakers look at Stuxnet attack to boost OT security

The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection is set to hold a hearing that will focus on the Stuxnet malware attack launched two decades ago against an Iranian nuclear facility by the US and Israel, CyberScoop reported. The goal is for the lessons learned from the Stuxnet attack to guide policies to enhance the security of critical infrastructure and other OT systems. 

Chinese attacks on Taiwan semiconductor industry ramp up

Proofpoint has shared details of several attacks conducted by suspected Chinese state-sponsored threat actors against Taiwan’s semiconductor industry, likely to conduct espionage. “This activity likely reflects China’s strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of US and Taiwanese export controls,” the security firm said.

Cybercriminals attempting to bypass FIDO keys in phishing attack

A cybercrime group named PoisonSeed, which specializes in cryptocurrency theft, was recently spotted using an interesting technique to gain access to accounts protected by FIDO physical security keys, according to Expel. The attacks don’t involve the exploitation of FIDO vulnerabilities. Instead, the attackers are abusing cross-device sign-in features, bypassing the security provided by FIDO keys by tricking the victim into providing access through an alternative sign-in method via a mobile MFA app. The attackers achieve this through a real-time attack by obtaining a QR code presented by the legitimate login portal and getting the user to scan the QR code with their MFA app to approve the login. UPDATE: Based on further analysis and consultations with the cybersecurity community, Expel has determined that the attackers were not actually successful as “all subsequent MFA challenges failed and the attacker is never granted access to the requested resource”.
