Threat Intelligence

In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.

Cybersecurity News tidbits

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories

Google Chronicle Security Operations platform unifies SIEM and SOAR

Google has updated its Chronicle Security Operations platform to unify its SIEM and SOAR solutions in a single place. Integrating with attack surface management technology from Mandiant, the platform allows organizations to retain and analyze data at scale, to identify and investigate threats faster. 

Open Systems makes OT firewall service generally available

Swiss managed secure access service edge (SASE) services provider Open Systems this week announced the general availability of its OT firewall service, which provides network security monitoring capabilities, enabling visibility and control over IIoT traffic, to help organizations identify and remediate malicious attacks. 

Advertisement. Scroll to continue reading.

Signal Protocol hardened against quantum threats

Encrypted messaging service Signal has taken steps to improve the resilience of its Signal Protocol — a set of specifications that provide end-to-end encryption for private communication — to quantum computing threats. Essentially, the protocol was upgraded from the X3DH specification to PQXDH, which now requires that attackers break both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber to compute the shared secret used in a private communication.

Election hacking at pilot event

IT-ISAC this week hosted the Election Security Research Forum, a first-of-its-kind pilot event meant to strengthen the security of US elections. Participating election technology manufacturers provided security researchers with access to new hardware (digital scanners, ballot marking devices, and electronic pollbooks) and software, under the principles of coordinated vulnerability disclosure, IT-ISAC says (PDF). 

Yubico starts trading on Nasdaq in Stockholm

Hardware security keys maker Yubico is now publicly traded on Nasdaq First North Growth Market in Stockholm, under the ticker symbol YUBICO. The intent to go public was initially announced in April, following its merger with Swedish holding company ACQ Bure. Yubico has been valued at $800 million. 

Pizza Hut Australia hacked

Hacking group ShinyHunters claimed to have stolen the personal information of roughly 1 million Pizza Hut Australia customers, but the food chain now says that less than 200,000 individuals might have been affected. Names, addresses, phone numbers, email addresses, and masked credit card data was compromised in the attack. 

Florida man sentenced to prison for BEC scheme

Mustapha Raji, 53, of Hollywood, Florida, has been sentenced to three years in prison and three years of supervised release, and was ordered to pay over $700,000 in restitution for his participation in a $1.7 million business email compromise (BEC) and money laundering scheme targeting a hedge fund founder in New York.

New revelations from the Snowden files

The PhD thesis of journalist and researcher Jacob Appelbaum brings to light new information from the Snowden files, including alleged backdoors in CPUs made by semiconductor company Cavium, and the NSA hacking Russia’s SORM lawful interception system.

ShroudedSnooper targeting telecom providers in the Middle East

A threat actor named ShroudedSnooper has been observed using the new HTTPSnoop

backdoor in attacks against telecommunications providers in the Middle East. The malware interacts with Windows HTTP kernel drivers to listen to specific incoming requests and execute their contents. The threat actor also uses the PipeSnoop implant in attacks, which can execute arbitrary shellcode received from a named pipe.

Ad systems exploited by newly uncovered Israeli spyware

Israeli newspaper Haaretz claims to have evidence that Israeli software maker Insanet has built a tool that can infect anyone via online adverts to spy on them, and that it has sold it to a totalitarian regime. Named Sherlock, the spyware can reportedly be used on Windows, Android, and iOS devices. 

1,200 organizations hit by MOVEit hack 

As of September 21, 2023, the number of organizations known to have been impacted by the May 2023 MOVEit hack has grown to 1,197, while the number of impacted individuals has surpassed 56 million, Emsisoft says. Over a dozen healthcare organizations in North Carolina have been hit via Microsoft-owned technology firm Nuance.

Related Content

Cybercrime

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

Data Breaches

Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal. 

Data Protection

Noteworthy stories that might have slipped under the radar: 4,000 take part in Locked Shields 2024 exercise, Qantas and JP Morgan hit by data...

Management & Strategy

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

Malware & Threats

Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company...

Threat Intelligence

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law...

Government

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK...

Malware & Threats

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple...

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version