SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Google restricting internet access to reduce cyber risk
Saying its employees are a frequent target of attacks, Google is enlisting employees for a pilot program to work without internet access, CNBC reports. The company reportedly selected 2,500 employees to participate but has since opened it up to volunteers, and will allow select employees to opt out.
Millions of US military emails leaked
Millions of email messages destined for US military addresses were erroneously sent to a domain for the African country of Mali. Due to a one-character typo, documents, medical data, travel information and more were sent to .ml addresses instead of .mil. The Department of Defense reportedly says it has controls in place to prevent emails from being sent to the wrong addresses, but the situation has been ongoing for roughly a decade.
A quantum cybersecurity agenda for Europe
A discussion paper (PDF) on why the European Union needs to develop a European quantum ecosystem to counter challenges arising from the rapid development of quantum computers. Threat actors, the paper notes, are already harvesting encrypted information they can decrypt once cryptographically significant quantum computers emerge.
CISA recommends free cloud tools
New CISA guidance (PDF) recommends a set of open source tools that organizations can use to assess their security stance, harden their infrastructure against malicious attacks, and improve their detection and investigation capabilities in the cloud. These include the Cybersecurity Evaluation Tool, SCuBAGear, the Untitled Goose Tool, Decider, and Memory Forensic on Cloud.
Acting cyber director will not get permanent role due to personal debts
Acting national cyber director Kemba Walden will not be offered the position permanently, “because of personal debt issues”, a source told Reuters. Walden took her role in February, overseeing the implementation of the US’s National Cybersecurity Strategy.
OpenSSH remote code execution vulnerability
A vulnerability (CVE-2023-38408) in OpenSSH’s forwarded ssh-agent allows a remote attacker to execute commands. The ssh-agent is a widely used background program for caching private keys used for public key authentication, but connections to it can be forwarded, exposing the system administrator’s workstation to potential attacks. However, its potential impact is not as significant as it might sound, security researcher Kevin Beaumont says.
New KillNet capabilities
Mandiant has analyzed the recent increase in capability and shift in tactics showcased by the pro-Russia hacktivist collective KillNet, which is known for targeting US and European entities, including NATO. This “potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state”.
Chinese espionage group behind advanced Android surveillanceware
Cybersecurity firm Lookout believes that the Chinese espionage group APT41 is responsible for the advanced Android spyware dubbed WyrmSpy and DragonEgg. Also known as Barium and Winnti, the state-sponsored group has been active since 2012, targeting government organizations for espionage and private entities for financial gain.
New Splunk OT offering improves visibility in physical and industrial environments
Splunk announced Splunk Edge Hub this week, a new solution designed to simplify the ingestion and analysis of data generated by sensors, IoT devices and industrial equipment, and provide more complete visibility across IT and OT environments by streaming previously hard-to-access data directly into the Splunk platform.
Industrial control systems: engineering foundations and cyber-physical attack lifecycle
ICS security engineer Marina Krotofil has published a technical paper on cyber-physical systems (CPS), their security, and the lifecycle of a cyberattack against industrial control systems (ICS). The paper explores the interaction with the CPS from an attacker’s perspective and aims to shed light on the required defenses.