Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Threat Intelligence

In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:     

Russia attempting to sabotage European railways

The Czech Republic’s transport minister told FT that Russia has been attempting to hack European rail networks in an effort to destabilize the EU and sabotage critical infrastructure. The Czech official said hackers had targeted signaling systems and the networks of the country’s national railway operator.

Nigerian national pleads guilty in US to role in BEC scheme

Oludayo Kolawole John Adeagb, a 45-year-old Nigerian extradited from the UK to the US, has pleaded guilty to his role in a multimillion dollar BEC scheme. The man remains in custody and he faces up to 20 years in prison. As per the plea agreement, Adeagbo will be required to pay restitution in the full amount of the victims’ losses, which is alleged to be at least $14 million. 

Advertisement. Scroll to continue reading.

X rushes to fix URL blunder after phishing warning

X, formerly Twitter, implemented a change on April 9 that would result in all twitter.com URLs being automatically converted to x.com. The social media giant quickly reversed course after the cybersecurity community showed how this could be abused for phishing attacks. For instance, cybercriminals could register the domain netflitwitter.com, which X would display as netflix.com.

NSA issues data security guidance 

The NSA has issued guidance for maturing data security and protecting access to data at rest and in transit. The goal is to help organizations ensure that only authorized users can access data. The capabilities described in the guidance integrate into a comprehensive zero trust framework. 

Ukrainian hackers target Moscow sewage system

A Ukrainian hacker group affiliated with the country’s security service claims to have targeted Moskollector, the firm that operates the communication system for Moscow’s sewage network. The hackers said they shut down 87,000 alarm sensors (preventing the company from responding to emergencies) and “destroyed” 70 servers and 90 Tb of data. Their claims could not be confirmed. The hackers often claim to launch disruptive attacks against Russian entities, including ISPs, utilities, the military, and data centers.  

Women in CyberSecurity report looks at gender disparities

A survey commissioned by Women in CyberSecurity (WiCyS) looks at the causes of disparities in the experiences of women in cybersecurity. The study found that the workplace experiences of women are dramatically worse than men across nearly every category. The top categories of exclusion are respect, career and growth, access and participation, and recognition. 

Silently fixed Lighttpd vulnerability exposes Intel and Lenovo servers

A Lighttpd vulnerability that was silently patched back in 2018 has now been found to expose Intel and Lenovo servers to attacks. The developers of the AMI MegaRAC BMC, which is used by both Intel and Lenovo, did not consume the Lighttpd patches released at the time, allowing the vulnerability to end up in devices that use the AMI BMC. Binarly, which recently discovered the security risk, has informed Intel and Lenovo, but they will not release patches because the impacted products have reached end of life. 

PasteHub domain seized by law enforcement

PasteHub, an anonymous note-sharing service integrated with the BreachForums cybercrime website, is currently displaying a message informing visitors that it has been seized by law enforcement, Catalin Cimpanu reported.

Thousands of ecommerce sites exposed to hacking 

Thousands of ecommerce websites powered by Invision Community can be taken over by hackers due to a recently patched SQL injection vulnerability. According to Egidio Romano, the researcher who found and reported the flaw, exploitation of the SQL injection can lead to remote code execution. Invision Community developers have fixed the SQL injection, but they have yet to patch the RCE aspect of the attack.

Dam sector concerned after report shows Microsoft’s cybersecurity failings

A Federal Energy Regulatory Commission (FERC) director recently told a Senate panel that the organization is concerned about the cybersecurity of thousands of dams across the United States in light of the recent Cyber Safety Review Board (CSRB) report highlighting Microsoft’s cybersecurity failures. FERC is concerned because the dam sector relies heavily on Microsoft products. 

Related: In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

Related: In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights