SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Spyware vendor shutting down after Google disclosures
The Spain-based spyware vendor Variston, whose exploits were discovered and made public by Google, is reportedly in trouble. TechCrunch learned from former employees that several people have left Variston following Google’s disclosures, and they claim the company is now shutting down.
Wyze camera security incident
Smart home camera company Wyze has informed customers that 13,000 users received thumbnails from cameras that were not their own. More than 1,500 users tapped on the thumbnails and some were able to view video recordings. The company said less than 0.3% of accounts were impacted by the incident, which it blamed on a third-party caching client library.
8220 Gang back at cryptomining
Chinese threat actor 8220 Gang has been observed launching renewed attacks against Windows and Linux-based cloud infrastructure for cryptocurrency mining. The group’s latest campaign, which has been running for roughly a year, involves the use of PowerShell for fileless execution, DLL sideloading, and bypasses of UAC and of the event tracking mechanism.
Lucifer DDoS botnet targeting Apache tools
Aqua Security has seen the Lucifer DDoS malware targeting Apache Hadoop and Apache Druid instances to ensnare them in a botnet capable of mining for cryptocurrency. More than 3,000 attacks targeting these solutions have been identified over the past month.
PyPI packages sideloading malware
Two packages in the PyPI package manager were caught relying on typosquatting to trick unsuspecting users into installing them and using DLL sideloading to load second-stage malware, ReversingLabs reports. The two packages appear to be part of a wider campaign abusing the software supply chain for malware infection.
Ransomware attack on DC school system impacts 100,000 people
Prince George’s County Public Schools (PGCPS) informed the Maine Attorney General’s Office that the personal information of close to 100,000 individuals was compromised in an August 2023 ransomware attack. Names, financial account information, and Social Security numbers were likely accessed or exfiltrated during the attack.
Freenom settles Meta lawsuit
Domain name registrar Freenom announced that it has reached a settlement with Meta in a lawsuit the social media giant filed last year over Freenom ignoring complaints about phishing websites. Freenom stopped allowing new domain name registrations in March last year and the number of phishing domains dropped significantly within months. Freenom says (PDF) it has decided to exit the domain name business.
Survey on OT environment risk management
Only half of organizations are effectively mitigating risks and security threats to OT, a new Ponemon Institute and Cyolo survey shows (PDF). However, most of the 1,056 security professionals in the US and EMEA who responded to the survey say they do not have an accurate inventory of OT assets and half of them have not reassessed the remote access tools adopted during the Covid pandemic.
CrowdStrike report: more threat actors, more victims
The number of threat actors tracked by CrowdStrike reached 232 and the number of victims named on leak sites has increased 76% in 2023, CrowdStrike’s 2024 Global Threat Report (PDF) shows. Attacks targeting cloud environments have increased as well, and most of the intrusions are associated with cybercrime, the report also shows.
US government works with Microsoft on expanded logging capabilities
Over the past six months, the US cybersecurity agency CISA, OMB, and ONCD have been working with Microsoft to roll out expanded logging capabilities to a group of US government agencies and are now making the capability available to all agencies using Microsoft Purview Audit. This will help agencies more effectively use logs for cyber threat detection and remediation. Microsoft has been under pressure to expand logging defaults following a Chinese APT hack last year.
Patches
Autodesk announced patches for 19 vulnerabilities in AutoCAD that could allow attackers to crash the application, leak data, or execute arbitrary code. VMware warned of a critical-severity flaw in deprecated Enhanced Authentication Plug-in (EAP), and Joomla patched five bugs, including XSS vulnerabilities leading to remote code execution.
UPDATE: Editor’s note: A previous version of this story’s subhead mistakenly named Varonis where it was intended to be Variston. We apologize for the mistake.