SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Japanese man who created ransomware using AI convicted in legal first
In what has been described as a ‘legal first’, a man in Japan has been convicted for creating a piece of malware, specifically ransomware, using artificial intelligence. Authorities said the man did not manage to cause any actual harm with his malware. He received a suspended sentence of three years in prison.
CybaVerse raises £1.1 million
CybaVerse, a UK-based cybersecurity consulting firm and managed security services provider, announced raising £1.1 million ($1.4 million). The company has also announced new hires, including Andreas Wuchner as Chairman and Juliette Hudson as CTO.
CrowdStrike responds to Bloomberg article alleging suspicious contract
CrowdStrike issued a statement in response to a Bloomberg article describing a $32 million contract with Carahsoft Technology, which acts as a middleman between tech companies and the US government. Carahsoft acquired CrowdStrike identity threat protection services for the IRS and has been making payments to the cybersecurity giant even though the agency never acquired the software. This has raised some concerns internally at CrowdStrike, as well as among legal and accounting experts consulted by Bloomberg. In response, the security firm said the order placed by Carahsoft was non-cancellable and it stands by the accounting of the transaction. The company said Bloomberg’s sources are likely disgruntled former employees.
French ISP Free suffers potentially massive data breach
Free, one of France’s largest ISPs, has confirmed suffering a data breach after a cybercriminal offered to sell information allegedly stolen from the company. The hacker claimed to have stolen information pertaining to 19 million customer accounts, including five million with bank account information.
AI vulnerabilities
Protect AI has published its October 2024 vulnerability report, which describes 34 vulnerabilities discovered in AI products. Three of the flaws are critical: they allow manipulation of authentication processes, arbitrary file upload with potential remote code execution, and viewing or deleting users. Separately, Oligo has disclosed the details of six vulnerabilities discovered in the Ollama framework for AI models. The flaws could allow an attacker, using a single HTTP request, to launch DoS attacks and to conduct model poisoning or model theft.
North Korean hackers working with Play ransomware group
A North Korean threat actor tracked as Jumpy Pisces, Andariel and Onyx Sleet is apparently working with the Play ransomware group, according to Palo Alto Networks. The security firm said this is the first observed instance of Jumpy Pisces, which has been indicted by the US for deploying custom ransomware, using existing ransomware infrastructure, potentially acting as an initial access broker or an affiliate of the Play group.
Riskiest connected medical devices
Forescout has conducted an analysis of two million devices housed by 45 healthcare delivery organizations and found 162 vulnerabilities affecting internet of medical things (IoMT) devices. The research found that the top three riskiest types of devices are DICOM workstations and PACS, pump controllers, and medical information systems. It also found that DICOM servers are increasingly targeted by threat actors, with honeypots seeing 1.6 million attacks on these servers.
Microsoft postpones Windows Recall preview to December
Microsoft has been working on addressing privacy and security concerns related to the Windows Recall AI search tool. The company had been planning on making Recall available to Windows insiders in October, but in an update shared on October 31 the tech giant announced that it needs additional time to deliver the promised security and privacy improvements. The Recall preview for insiders on Copilot+ PCs has now been pushed back to December.
FBI conducted over 30 ransomware disruption operations in 2024
The FBI this year conducted over 30 disruption operations targeting infrastructure used in ransomware attacks, according to a top cybersecurity official. It’s unclear exactly which cybercrime groups were targeted.
US removes trade restrictions on Sandvine
In February 2024, the US government banned organizations from trading with Canadian network intelligence firm Sandvine for providing mass surveillance and censorship technology to authoritarian countries. In September, Sandvine announced new ownership, leadership and business strategy and said it had been working with the US government to address concerns. As a result of Sandvine’s ‘significant corporate reforms to protect human rights’, the US has now removed the restrictions it had placed on the company.
Further research into FortiManager zero-day attacks
Darktrace has also analyzed the recent attacks exploiting a zero-day in Fortinet’s FortiManager product. The security firm has confirmed Mandiant’s report that the flaw has been exploited since at least June, but also found evidence of a wider campaign and believes only part of it has been identified to date.