
In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Google Chronicle Security Operations platform unifies SIEM and SOAR

Google has updated its Chronicle Security Operations platform to unify its SIEM and SOAR solutions in a single place. Integrating with attack surface management technology from Mandiant, the platform allows organizations to retain and analyze data at scale, to identify and investigate threats faster. 

Open Systems makes OT firewall service generally available

Swiss managed secure access service edge (SASE) services provider Open Systems this week announced the general availability of its OT firewall service, which provides network security monitoring capabilities, enabling visibility and control over IIoT traffic, to help organizations identify and remediate malicious attacks. 


Signal Protocol hardened against quantum threats

Encrypted messaging service Signal has taken steps to improve the resilience of its Signal Protocol — a set of specifications that provide end-to-end encryption for private communication — to quantum computing threats. Essentially, the protocol was upgraded from the X3DH specification to PQXDH, which now requires that attackers break both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber to compute the shared secret used in a private communication.
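The "break both" property comes from feeding the classical and post-quantum secrets into one key derivation. The sketch below is an added example, not Signal's code or code from this article; it follows the general shape of an X3DH-style HKDF combiner. Assumptions: the 32-byte inputs are constructed stand-ins for real X25519 and CRYSTALS-Kyber outputs, and the `INFO` label and the choice of SHA-256 are illustrative.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: hash chosen for this sketch
# Assumption: illustrative label naming the protocol parameters.
INFO = b"ExampleProtocol_CURVE25519_SHA-256_CRYSTALS-KYBER-1024"


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(dh_outputs: list, kem_secret: bytes) -> bytes:
    """Bind every X25519 output and the KEM secret into one session key."""
    if not dh_outputs or any(len(d) != 32 for d in dh_outputs):
        raise ValueError("each DH output must be 32 bytes")
    if len(kem_secret) != 32:
        raise ValueError("KEM shared secret must be 32 bytes")
    # 32 0xFF bytes of domain separation, as X3DH-style KDFs use for X25519.
    ikm = b"\xff" * 32 + b"".join(dh_outputs) + kem_secret
    return hkdf(ikm, salt=b"\x00" * HASH().digest_size, info=INFO)


def stand_in(label: str) -> bytes:
    """Constructed 32-byte placeholder for a real DH or KEM output."""
    return hashlib.sha256(label.encode()).digest()


def demo() -> dict:
    dh = [stand_in(f"dh{i}") for i in (1, 2, 3)]
    ss = stand_in("kyber-ss")
    session = hybrid_session_key(dh, ss)
    return {
        "peers_agree": session == hybrid_session_key(list(dh), ss),
        # Adversary who recovered the DH outputs but not the KEM secret.
        "dh_only_fails": hybrid_session_key(dh, stand_in("guess")) != session,
        # Adversary who recovered the KEM secret but not every DH output.
        "kem_only_fails": hybrid_session_key(dh[:2] + [stand_in("guess")], ss) != session,
    }
```

Because the derived key depends on every input, recovering only the elliptic-curve secrets or only the KEM secret leaves the session key unknown.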

Election hacking at pilot event

IT-ISAC this week hosted the Election Security Research Forum, a first-of-its-kind pilot event meant to strengthen the security of US elections. Participating election technology manufacturers provided security researchers with access to new hardware (digital scanners, ballot marking devices, and electronic pollbooks) and software, under the principles of coordinated vulnerability disclosure, IT-ISAC says (PDF). 

Yubico starts trading on Nasdaq in Stockholm

Hardware security keys maker Yubico is now publicly traded on Nasdaq First North Growth Market in Stockholm, under the ticker symbol YUBICO. The intent to go public was initially announced in April, following its merger with Swedish holding company ACQ Bure. Yubico has been valued at $800 million. 

Pizza Hut Australia hacked

Hacking group ShinyHunters claimed to have stolen the personal information of roughly 1 million Pizza Hut Australia customers, but the food chain now says that fewer than 200,000 individuals might have been affected. Names, addresses, phone numbers, email addresses, and masked credit card data were compromised in the attack.

Florida man sentenced to prison for BEC scheme

Mustapha Raji, 53, of Hollywood, Florida, has been sentenced to three years in prison and three years of supervised release, and was ordered to pay over $700,000 in restitution for his participation in a $1.7 million business email compromise (BEC) and money laundering scheme targeting a hedge fund founder in New York.

New revelations from the Snowden files

The PhD thesis of journalist and researcher Jacob Appelbaum brings to light new information from the Snowden files, including alleged backdoors in CPUs made by semiconductor company Cavium, and the NSA hacking Russia’s SORM lawful interception system.

ShroudedSnooper targeting telecom providers in the Middle East

A threat actor named ShroudedSnooper has been observed using the new HTTPSnoop backdoor in attacks against telecommunications providers in the Middle East. The malware interacts with Windows HTTP kernel drivers to listen to specific incoming requests and execute their contents. The threat actor also uses the PipeSnoop implant in attacks, which can execute arbitrary shellcode received from a named pipe.

Ad systems exploited by newly uncovered Israeli spyware

Israeli newspaper Haaretz claims to have evidence that Israeli software maker Insanet has built a tool that can infect anyone via online adverts to spy on them, and that it has sold it to a totalitarian regime. Named Sherlock, the spyware can reportedly be used on Windows, Android, and iOS devices. 

1,200 organizations hit by MOVEit hack 

As of September 21, 2023, the number of organizations known to have been impacted by the May 2023 MOVEit hack has grown to 1,197, while the number of impacted individuals has surpassed 56 million, Emsisoft says. Over a dozen healthcare organizations in North Carolina have been hit via Microsoft-owned technology firm Nuance.
