SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Cybercriminals targeting hotels, booking sites and travel agents
Cybercriminals are deploying infostealer malware on the systems of hotels, booking sites and travel agents, and then use the access they have obtained to reach out to their customers through legitimate communication channels. The goal is to trick the targeted company’s customers to hand over payment card information, Akamai reported.
Diplomatic phishing operations of Russia’s APT29
Mandiant has published a technical report describing the diplomatic phishing operations of Russia’s APT29 cyberespionage group since the start of the war in Ukraine. The cybersecurity firm has seen significant changes in the threat actor’s tooling and tradecraft.
Spanish aerospace company targeted by North Korean hackers
A Spanish aerospace company has been targeted by the North Korean hacker group Lazarus with a previously unknown backdoor named LightlessCan. The attackers gained initial access to the company’s systems after posing as a recruiter for Meta, ESET reported.
ShadowSyndicate working with various ransomware groups
Group-IB has analyzed the activities of a threat actor named ShadowSyndicate, which has worked with various ransomware groups and affiliates since July 2022. There is evidence that the group was involved in Quantum, Nokoyawa, ALPHV, Royal, Cl0p, Cactus, and Play ransomware operations.
APT and financial attacks on industrial organizations
Kaspersky has published a report summarizing the state-sponsored and financially motivated attacks launched against industrial organizations in the first half of 2023.
Fort Lauderdale loses $1.2 million in BEC attack
The city of Fort Lauderdale in Florida has lost $1.2 million in a BEC attack that involved the attackers posing as a construction company the city has been working with, CNN reported. The cybercriminals provided documents that made their request for the money seem legitimate.
French hacker pleads guilty in the US
Sebastien Raoult, aka Sezyo Kaizen, a French citizen and member of the notorious ShinyHunters cybercrime group, has pleaded guilty in a US court to fraud and identity theft charges. He was arrested last year in Morocco and extradited to the US in January. Authorities say Raoult and his accomplices stole hundreds of millions of user records and caused losses of over $6 million.
US sanctions Russian and Chinese firms over national security risks
The US has sanctioned companies in China, Russia and other countries, citing national security risks.
Marvin attack on RSA encryption
A researcher has disclosed the details of Marvin, a new attack method against RSA encryption that demonstrates Bleichenbacher-style attacks work against many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were until now believed to be safe.
Meta describes privacy safeguards in new generative AI features
Meta has described the privacy safeguards implemented in its new generative AI features in an effort to protect users’ information. The new features include a conversational assistant, AI stickers, as well as 28 more AIs with unique personalities and interests.