SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Russia blames China and North Korea for cyberattacks
Rostelecom-owned cybersecurity firm Solar reported that Asian hackers, especially state-sponsored threat actors operating out of China and North Korea, are responsible for a surge in cyberattacks targeting Russia. Focused on espionage and data theft, the attacks mainly targeted the telecommunications and public sectors, Solar’s report (in Russian) notes.
Security firm COO admits to hacking hospitals
Atlanta-based cybersecurity firm Securolytics’ chief operating officer (COO), Vikas Singla, has admitted in court to orchestrating a series of cyberattacks against local hospitals in 2018, to boost his company’s business. He was ordered to pay over $800,000 in restitution and could be sentenced to 57 months of probation, including home detention.
Hacker breaches hotel networks, fakes own death
The US charged Jesse E. Kipf, of Somerset, Kentucky, with compromising state and corporate networks and accessing private information, and with attempting to sell credentials he used to access those networks. Kipf allegedly compromised Guest-Tek and Milestone to access services provided to hotel chains and steal Marriott customer information, and reportedly hacked US death certificate registration agencies in an attempt to fake his own death.
Idaho National Laboratory data breach
Idaho National Laboratory has confirmed a data breach impacting employee information, including names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, bank account data, and more. Hacktivist group SiegedSec has claimed responsibility for the attack, leaking the allegedly stolen information online.
Large phishing campaign distributes DarkGate, PikaBot malware
A sophisticated phishing campaign that has been distributing the DarkGate malware since September recently started delivering PikaBot. Cofense draws parallels between this campaign and the distribution of the QakBot malware and botnet, which is currently silent, following a law enforcement takedown in August.
GPS attacks against commercial flights
Since September, commercial flights have been experiencing “unthinkable” GPS failures when flying over the Middle East, especially near Iran, caused by novel spoofing attacks. Spoofed navigation signals have been telling airplanes they are flying miles away from their real location, preventing them from navigating correctly. The issue is unknown and no resolution is available.
Ukraine fires top cyber defense officials
Ukraine has dismissed Yurii Shchyhol and Viktor Zhora, the head and the deputy of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), a unit in charge with cyberattack protections and government communication security. The two are investigated over their alleged roles in a $1.72 million fraud scheme, Reuters reports.
Australian government funding
Australia has announced $18 million in funding for cybersecurity programs aimed at small and medium-sized businesses. Firms will be offered cybersecurity posture assessment services and assistance with other cyber challenges, such as recovering from attacks.
Drenan Dudley appointed new acting national cyber director
The White House has appointed Drenan Dudley as the interim acting national cyber director, taking over from Kemba Walden, who held the position since March. Harry Coker Jr., the White House’s nominee for the permanent position, is currently working his way through the Senate.
DIALStranger vulnerabilities allow TV hacking
A security researcher has released information on DIALStranger, a set of vulnerabilities impacting Discovery and Launch (DIAL), a protocol co-developed by Netflix, YouTube, Sony, and Samsung for playing videos on TVs and other devices. The vulnerabilities could allow hackers to play any video on the targeted TV, even without user interaction. The issues were identified in 2019 but, due to the nature of the affected products, some devices remain unpatched.
Messaging service Sunbird suspended over security concerns
Sunbird, an Android and web messaging platform that brings together popular services such as iMessage, Facebook Messenger, Slack, and more, has suspended activity after researchers flagged serious security issues. Despite the platform’s claims, the service lacks encryption, exposing messages to interception while in transit, or to Sunbird employees, when stored on the platform’s servers, the researchers say. Nothing Chats, an iMessage for Android application that uses the Sunbird platform, has been removed from Google Play.
Juniper and Trellix patch high-severity vulnerabilities
Over the past week, Juniper Networks and Trellix have released patches for multiple vulnerabilities. Juniper patched a high-severity flaw in Junos OS and Junos OS Evolved, and multiple issues in Juniper Secure Analytics (JSA), while Trellix resolved a high- and a medium-severity bug in ePolicy Orchestrator.
