In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups

Noteworthy stories that might have slipped under the radar: Spyware vendor Variston is reportedly shutting down, CrowdStrike tracks 232 threat actors, Meta and Freenom reach settlement.

SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories

Spyware vendor shutting down after Google disclosures

The Spain-based spyware vendor Variston, whose exploits were discovered and made public by Google, is reportedly in trouble. TechCrunch learned from former employees that several people have left Variston following Google's disclosures, and they say the company is now shutting down.

Wyze camera security incident

Smart home camera company Wyze has informed customers that 13,000 users received thumbnails from cameras that were not their own. More than 1,500 users tapped on the thumbnails and some were able to view video recordings. The company said less than 0.3% of accounts were impacted by the incident, which it blamed on a third-party caching client library.


8220 Gang back at cryptomining

Chinese threat actor 8220 Gang has been observed launching renewed attacks against Windows and Linux cloud infrastructure for cryptocurrency mining. The group's latest campaign, running for roughly a year, uses PowerShell for fileless execution, DLL sideloading, and bypasses of User Account Control (UAC) and event tracing (ETW) mechanisms.

Lucifer DDoS botnet targeting Apache tools

Aqua Security has seen the Lucifer DDoS malware targeting Apache Hadoop and Apache Druid instances to ensnare them in a botnet capable of mining for cryptocurrency. More than 3,000 attacks targeting these solutions have been identified over the past month.

PyPI packages sideloading malware

Two packages in the PyPI package manager were caught relying on typosquatting to trick unsuspecting users into installing them and using DLL sideloading to load second-stage malware, ReversingLabs reports. The two packages appear to be part of a wider campaign abusing the software supply chain for malware infection.
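Two cheap checks a maintainer can run before trusting a dependency, as an added example (not ReversingLabs' tooling and not code from the packages in question): a typosquat detector that compares each requested name against a list of packages the organization actually depends on, and a wheel inspector that flags the tell-tale sideloading layout of a signed executable shipped next to a DLL. The popular-package list, requirements lines and the in-memory wheel are constructed for the demo.

```python
"""Heuristics for two tricks in the PyPI campaign above: typosquatted names
and wheels that quietly ship a Windows exe/dll pair for DLL sideloading.
Added example; the inputs below are constructed, not real packages."""
import io
import re
import zipfile

# Constructed stand-in for the packages an org really depends on; in practice
# generate it from a lockfile or from PyPI download statistics.
POPULAR = ["requests", "urllib3", "numpy", "pillow", "colorama", "python-dateutil"]
# Constructed requirements file containing two near-miss names.
REQS = ["requests==2.31.0", "reqeusts==2.31.0", "colorsama", "numpy>=1.26", "# pinned"]
NATIVE_SUFFIXES = (".dll", ".exe", ".pyd", ".so", ".dylib")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus one
    adjacent transposition, which covers the usual squatting patterns."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def typosquat_candidates(requested: str, popular=POPULAR, max_dist: int = 1):
    """Popular names the requested one is suspiciously close to.
    An exact match after normalisation is the real package, so returns []."""
    req = normalize(requested)
    pop = [normalize(p) for p in popular]
    if req in pop:
        return []
    return [p for p in pop if 0 < osa_distance(req, p) <= max_dist]


def native_payloads(wheel_bytes: bytes):
    """Native binaries inside a wheel archive (a wheel is a zip file)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return sorted(n for n in zf.namelist() if n.lower().endswith(NATIVE_SUFFIXES))


def sideloading_pair(paths) -> bool:
    """True if an .exe and a .dll share a directory: the layout where a trusted
    host binary resolves a DLL from its own folder and loads the attacker's."""
    exts_by_dir = {}
    for p in paths:
        d, _, f = p.rpartition("/")
        exts_by_dir.setdefault(d, set()).add(f.lower().rsplit(".", 1)[-1])
    return any({"exe", "dll"} <= exts for exts in exts_by_dir.values())


def build_sample_wheel() -> bytes:
    """Constructed wheel-like archive for the demo; the binaries are stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reqeusts/__init__.py", "import os\n")
        zf.writestr("reqeusts/bin/helper.exe", b"MZ...")   # stand-in for a signed host exe
        zf.writestr("reqeusts/bin/version.dll", b"MZ...")  # stand-in for the planted DLL
    return buf.getvalue()


def audit_requirements(lines, wheels=None):
    """Run both checks; wheels maps package name -> wheel bytes if available."""
    findings = []
    for line in lines:
        name = re.split(r"[=<>!~ ;\[]", line.strip(), maxsplit=1)[0]
        if not name or name.startswith("#"):
            continue
        close = typosquat_candidates(name)
        if close:
            findings.append((name, "looks like " + ", ".join(close)))
        if wheels and name in wheels:
            bins = native_payloads(wheels[name])
            if sideloading_pair(bins):
                findings.append((name, "ships exe+dll pair: " + ", ".join(bins)))
    return findings


if __name__ == "__main__":
    for pkg, msg in audit_requirements(REQS, {"reqeusts": build_sample_wheel()}):
        print(f"{pkg}: {msg}")
```

Keep `max_dist` at 1 for short names; at distance 2 almost every five-letter package collides with another, so scale the threshold with name length if you extend this. The exe+dll heuristic is deliberately narrow: legitimate packages with native extensions ship `.pyd` or `.so` files, not a helper executable alongside a loose DLL, so a hit deserves a manual look rather than an automatic block.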

Ransomware attack on Maryland school district impacts 100,000 people

Prince George’s County Public Schools (PGCPS) informed the Maine Attorney General’s Office that the personal information of close to 100,000 individuals was compromised in an August 2023 ransomware attack. Names, financial account information, and Social Security numbers were likely accessed or exfiltrated during the attack.

Freenom settles Meta lawsuit

Domain name registrar Freenom announced that it has reached a settlement with Meta in a lawsuit the social media giant filed last year over Freenom ignoring complaints about phishing websites. Freenom stopped allowing new domain name registrations in March last year and the number of phishing domains dropped significantly within months. Freenom says (PDF) it has decided to exit the domain name business.

Survey on OT environment risk management

Only half of organizations are effectively mitigating risks and security threats to OT, a new Ponemon Institute and Cyolo survey shows (PDF). Most of the 1,056 security professionals in the US and EMEA who responded say they do not have an accurate inventory of OT assets, and half have not reassessed the remote access tools adopted during the Covid pandemic.

CrowdStrike report: more threat actors, more victims

CrowdStrike now tracks 232 named threat actors, and the number of victims named on leak sites increased 76% in 2023, according to CrowdStrike's 2024 Global Threat Report (PDF). Attacks targeting cloud environments increased as well, and most intrusions are associated with cybercrime rather than state-sponsored activity, the report shows.

US government works with Microsoft on expanded logging capabilities

Over the past six months, the US cybersecurity agency CISA, the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD) have been working with Microsoft to roll out expanded logging capabilities to a group of US government agencies, and are now making the capability available to all agencies using Microsoft Purview Audit. The additional logs should help agencies detect and remediate cyber threats more effectively. Microsoft has been under pressure to expand its default logging following a Chinese APT intrusion last year.

Patches

Autodesk announced patches for 19 vulnerabilities in AutoCAD that could allow attackers to crash the application, leak data, or execute arbitrary code. VMware warned of a critical-severity flaw in its deprecated Enhanced Authentication Plug-in (EAP), and Joomla patched five bugs, including XSS vulnerabilities that can lead to remote code execution.

UPDATE: Editor’s note: A previous version of this story’s subhead mistakenly named Varonis where it was intended to be Variston. We apologize for the mistake.
