SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Researchers analyze satellite security
Researchers in Germany have analyzed several satellites and discovered various types of vulnerabilities, as well as the lack of protection mechanisms such as encryption and authentication. They showed how an attacker could disrupt communications with ground control, and take control of a satellite’s systems.
However, satellite hacking is not easy and manufacturers are counting on security through obscurity in hopes of preventing hacker attacks. The researchers worked with the European Space Agency, universities involved in the development of satellites, and a commercial company to conduct their work.
Microsoft expands Security Service Edge (SSE), renames Azure AD
Microsoft has added two new identity-centric capabilities to its Security Service Edge (SSE) solution. The new Entra Internet Access and Entra Private Access will secure access to internet, SaaS and Microsoft 365 applications, and private apps and resources. In addition, to simplify naming, the tech giant is renaming Azure AD to Entra ID, without changing APIs, capabilities, licensing, or sign-in URLs.
Introducing passwordless authentication on GitHub.com
GitHub this week announced the public beta availability of passkey authentication on GitHub.com, allowing users to sign in with biometric credentials, without having to enter their password. Users can enable passkeys authentication from the Settings menu, by navigating to the ‘feature preview’ tab.
Two-factor authentication vulnerability patched in Drupal
A vulnerability affecting a two-factor authentication module has been patched in the Drupal CMS. The module enables developers to allow or require a second authentication method, but the requirement is not always enforced.
Cryptojacking campaign expands to Azure and Google Cloud
A cryptojacking campaign believed to be linked to a cybercrime group named TeamTNT appears to have expanded its targeting from AWS to Azure and Google Cloud environments. Aqua Security and SentinelOne have each analyzed recent attacks.
PyLoose: Python-based fileless malware targeting cloud workloads
Cloud security startup Wiz warns of PyLoose, a new fileless attack relying on Python code to load an XMRig miner into memory. The PyLoose script contains the compressed and encoded fileless payload, which it decodes, decompresses, and writes to the memfd buffer, a Linux feature for creating anonymous memory-backed file objects. Wiz has described it as “the first publicly documented Python-based fileless attack targeting cloud workloads in the wild”.
WormGPT used in BEC attacks
Email security firm SlashNext details how WormGPT, a blackhat alternative to GPT models, can be used to set up Business Email Compromise (BEC) attacks. The AI module can produce persuasive, cunning, and well-written email messages to pressure employees into paying fraudulent invoices. According to SlashNext, the tool is “similar to ChatGPT but has no ethical boundaries or limitations”.
Cryptocurrency analysis shows growing ransomware profits
An analysis conducted by Chainalysis shows that ransomware-related cryptocurrency transactions have been on the rise in 2023, with cybercriminals having extorted at least $450 million through June.
The GRU’s Disruptive Playbook
Mandiant details a ‘standard five-phase playbook’ that Russian military intelligence unit GRU has adopted in its disruptive operations against Ukraine over the past year and a half. Believed to be “a deliberate effort to increase the speed, scale, and intensity at which the GRU can conduct offensive cyber operations, while minimizing the odds of detection”, the playbook may be used in future crises and conflict scenarios as well.
Hub Cyber Security investor lawsuit
Several law firms have announced investor class action lawsuits against Hub Cyber Security and some of its officers over the company’s merger with the Mount Rainier Acquisition Corp SPAC, a deal that made Hub a publicly traded company. Hub shares have been steadily dropping since its debut, reaching 35 cents per share on July 14.
SpecterOps closes Series A extension
Threat intelligence provider SpecterOps has extended its Series A funding round to include an $8.5 million investment from Ballistic Ventures. The funding adds to the previously announced $25 million Series A investment from Decibel and angel investors, for a total of $33.5 million, and will drive the adoption of the BloodHound Enterprise (BHE) platform and the expansion of research and development initiatives across SpecterOps.
PrivacyHawk raises $2.7 million
Personal data protection provider PrivacyHawk has raised $2.7 million in a seed round led by ff Venture Capital (ffVC). To date, the company has raised $3.8 million. The Los Angeles-based startup provides a comprehensive solution to help users manage their digital footprint and reduce the risk of fraud, scams, and other cyberattacks.
