SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash
A coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire past—and the legal threats aimed at making them disappear. (Wired)
Iran’s network of cyber contractors
Recorded Future reveals (PDF) how four Iranian intelligence and military contractors linked to the Islamic Revolutionary Guard Corps (IRGC) have been engaging with cyber contracting parties, creating a network of organizations in aid of Iranian state-sponsored threat actors’ targeting of government, media, critical infrastructure, and other entities in Western countries.
Ukrainian military targeted with new backdoor
Russia-linked APT group Shuckworm (aka Gamaredon, and Primitive Bear) has been observed targeting the Ukrainian military with a new PowerShell backdoor called Subtle-Paws. The backdoor can execute malicious payloads and achieve persistence. The observed attacks, which are part of the Steady#Ursa campaign, also involved lateral movement through infected USB drives.
APT28 brute-forcing government networks for 20 months
Between April 2022 and November 2023, Russian state-sponsored APT group Pawn Storm (APT28) was seen launching NTLMv2 hash relay attacks against numerous targets, including government entities, likely in an attempt “to brute-force its way into the networks of governments, the defense industry, and military forces around the world,” Trend Micro reports.
UNC4990 relies on USB drives for infection
For roughly four years, a financially motivated threat actor tracked as UNC4990 has been relying on weaponized USB drives to infect victims with malware, Mandiant reports. The infection chain starts with the victim clicking on a shortcut file (LNK) on the drive, which leads to the execution of a PowerShell script. The threat actor has been hosting its malicious payloads on popular websites, such as Ars Technica, GitHub, GitLab, and Vimeo.
Palo Alto Networks ordered to pay $151.5 million to Centripetal Networks
Palo Alto Networks was ordered to pay Centripetal Networks $151.5 million, after a jury found the cybersecurity firm infringed on several patents. Palo Alto disagrees with the decision and plans to seek relief from the court. Centripetal was also awarded $2.7 billion in a patent case against Cisco, but that ruling was overturned recently by a court.
Incognia and Oasis Security announce new funding
Location identity solutions provider Incognia has raised $31 million in Series B funding for its global expansion. The company’s technology can help prevent account takeovers and fake account creation.
Oasis Security has raised $40 million in funding for its non-human identity management solutions to help organizations automate the lifecycle of non-human identities, which can include service accounts, secrets, API keys, tokens and certificates.
UN Cybercrime Treaty endangers human rights, EFF warns
The Electronic Frontier Foundation (EFF) warns that, in its current form, the UN Cybercrime Treaty (PDF) makes the cyber ecosystem less secure and endangers human rights. The EFF and its partners ask UN member states to reject the convention unless major changes that limit surveillance and safeguard human rights are made.
Patches
Patches released for Chrome, Mastodon, Splunk, and WordPress address critical- and high-severity vulnerabilities that could lead to account takeover, remote code execution, and information disclosure.
Check Point unveils Infinity AI Copilot
Check Point announced the preview launch of Infinity AI Copilot, a product that leverages AI and cloud technologies to help organizations automate complex security tasks and provide proactive solutions to threats. The company says its goal is to boost the efficiency and effectiveness of security teams and address the global workforce shortage.
Number of WordPress vulnerabilities doubles
Twice as many vulnerabilities in WordPress were documented in 2023 compared to 2022, Defiant’s Wordfence team says in an annual report (PDF). Cross-site scripting (XSS), cross-site request forgery (CSRF), missing authentication/authorization bypass, SQL injection, and information disclosure were the top five most common types of vulnerabilities. Malware infections remained at the same level, credential stuffing attacks dropped, while XSS attacks surged.
Related: In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting
Related: In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet