SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Nearly $60 million stolen in crypto wallet drainer campaign
Nearly $60 million was stolen from more than 63,000 victims as part of a cryptocurrency wallet drainer campaign. According to Scam Sniffer, the attackers leveraged 10,000 phishing sites, many advertised via ads on Google and X.
Xamalicious backdoor infected many Android devices
A stealthy backdoor named Xamalicious has infected at least 320,000 Android devices through Google Play. McAfee has identified roughly two dozen applications delivering the malware and the security firm has published a detailed technical analysis of the threat.
Microsoft says threat actors abusing App Installer for malware delivery
Microsoft warns of multiple financially motivated threat actors abusing the ms-appinstaller URI scheme (App Installer) for malware distribution. Cybercrime groups such as Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674 are using malvertising and Microsoft Teams phishing schemes to deploy trojans, backdoors, information stealers, and ransomware. In response, Microsoft has disabled the ms-appinstaller URI scheme handler by default in App Installer build 1.21.3421.0.
Mint Mobile data breach
Prepaid mobile carrier Mint Mobile is informing customers about a data breach that involved unauthorized access to their information, including names, phone numbers, email addresses, SIM and IMEI numbers, and service plan data.
Ubisoft investigating hacking claims
Video game giant Ubisoft has launched an investigation after an unknown threat actor claimed to have had access to its systems for roughly 48 hours. The attacker claimed to have attempted to exfiltrate 900 Gb of data before the company cut off its access.
Chrome Safety Check improvements
Google announced that Safety Check for Chrome on desktop will now run automatically in the background, proactively alerting users if saved passwords have been compromised or if potentially harmful extensions are detected. Safety Check will also revoke the permissions of sites that have not been visited in a long time.
NASA releases guidance for space mission security
The National Aeronautics and Space Administration (NASA) has released its first Space Security Best Practices Guide, meant to improve space mission security for both public and private sectors. The agency welcomes feedback from the community to include in future iterations of the guidance.
GAO report on medical device cybersecurity
A report from the US Government Accountability Office highlights that while vulnerabilities in medical devices are not commonly exploited, they can still pose a risk to hospitals and their patients. The agency recommends that the 5-year-old formal agreement between the FDA and the cybersecurity agency CISA, which collaborate on security guidance for device manufacturers and public alerts, should be updated to improve coordination and clarify roles.
Security firm executive arrested in Kazakhstan at request of US will be extradited to Russia
Nikita Kislitsin, a senior executive at FACCT, the Russian spinoff of Group-IB, will be extradited by Kazakhstan to Russia, despite being arrested there at the request of the United States, where he is wanted for allegedly buying personal information obtained through the 2012 LinkedIn hack.
TikTok blames bug for iPhone users being asked to provide passcodes
TikTok claims that a bug was to blame for iPhone users being prompted to provide their passcodes and that the issue has been resolved. The issue was related to an update rolled out in the US and impacted only a small number of users.