Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

MITRE publishes comparison of international PQC standards

MITRE has announced that the Post-Quantum Cryptography Coalition (PQCC), which brings together several tech giants, has published a comparison of international post-quantum cryptography (PQC) standards. The goal is to identify alignment and misalignment areas which could pose challenges for international vendor compliance and interoperability.

US Army Special Forces hack building

The US Army revealed that in a recent exercise taking place in Sweden, its Special Forces used disruptive cyber technology to target a building. Specifically, they identified the building’s networks, cracked the Wi-Fi password, and ran exploits on a computer inside the building. This enabled them to manipulate security cameras, door locks, and other security systems.

Advertisement. Scroll to continue reading.

Transport for London cyberattack

Transport for London (TfL), the organization managing London’s transport network, has been hit by a cyberattack. While the attack has not impacted public transport services, some online services have been disrupted for several days, including live travel data. TfL does not believe it was targeted in a ransomware attack and there is no indication that customer data has been compromised. 

CBIZ data breach impacts 9,000 people

Financial, insurance and advisory services firm CBIZ Benefits & Insurance Services has suffered a data breach that involved the exploitation of a vulnerability in one of its web pages. Information related to retiree health and welfare plans may have been compromised, including name, contact information, Social Security number, date of birth, and/or date of death.  The company told the HHS that 9,100 individuals are affected. 

UK takes down website enabling banking anti-fraud bypass

Three UK residents pleaded guilty to operating www[.]OTP[.]Agency, a website that allowed cybercriminals to access personal bank accounts and steal money. The three, Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque, charged subscription fees ranging between £30 (~$40) to £380 (~$500) a week for MFA bypasses and access to Visa and Mastercard verification sites. The three are estimated to have made up to £7.9 million (~$10.4 million). 

OpenSSL and Firefox patches

The latest OpenSSL update patches a moderate-severity vulnerability that can be exploited for DoS attacks. Mozilla has released Firefox 130, which patches several high-severity vulnerabilities.  

FTC warns of Bitcoin ATM scams

The FTC has issued a warning that scammers are increasingly targeting Bitcoin ATMs, or BTMs. BTMs look similar to regular ATMs, but they’re designed for buying or sending cryptocurrency. Scammers are tricking unsuspecting users — by impersonating government organizations or businesses — into depositing their money at BTMs in order to ‘keep it safe’. Victims are instructed to convert cash into cryptocurrency and deposit it in a wallet controlled by the scammers. The FTC says losses have reached $65 million this year.  

38,000 AVTECH CCTV cameras exposed to botnet

Censys has identified roughly 38,000 internet-accessible AVTECH CCTV cameras that are potentially vulnerable to a zero-day vulnerability exploited by a Mira-based botnet. Tracked as CVE-2024-7029 and added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early August, the flaw allows unauthenticated attackers to inject and execute commands on vulnerable devices. The vendor did not respond to CISA’s attempts to get the bug fixed. 

PyPI packages exposed to hijacking technique exploited in the wild

Threat actors are hijacking PyPI packages using a simple yet effective technique called Revival Hijack, JFrog reports. When PyPI projects are removed from the repository, the names of associated packages become available for registration and miscreants are using them to register malicious projects to deceive developers into using them. There are roughly 22,000 packages at risk of hijacking, JFrog says.

X hiring security and safety staff 

X, formerly Twitter, has posted several job openings related to safety and cybersecurity, TechCrunch reported. The company is looking for security engineers, threat intelligence specialists, safety agents, and safety agent supervisors. The move comes two years after the company lost thousands of employees, including key privacy and security executives

Related: In Other News: Automotive CTF, Deepfake Scams, Singapore’s OT Security Masterplan

Related: In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.