SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
400 organizations named a CVE Numbering Authority
The number of CVE Numbering Authorities (CNAs) has reached 400, but not all of them are actively publishing advisories, according to an analysis by Socket. The analysis also shows which CNAs provide the most complete vulnerability information in their reports.
Transitive vulnerabilities in application security
OX Security has conducted an analysis of transitive vulnerabilities, the security holes introduced by transitive dependencies in software components (ie. each component can have other components which can rely on other components). OX Security has looked at the likelihood of exploitation of different vulnerability classes, and how risks can be reduced.
New variant of Gafgyt botnet exploits GPU power and cloud native environments
Aqua Security has come across a new variant of the Gafgyt DDoS botnet, which mines cryptocurrency with GPU power and targets cloud native environments. The botnet targets devices with weak SSH passwords.
Ransomware group uses EDR killer
Sophos reported that cybercriminals who deliver RansomHub ransomware have been spotted using a tool designed to kill endpoint detection and response (EDR) systems on compromised devices. Sophos has named the tool EDRKillShifter.
Crash reports can be an invaluable source of information
Apple device security expert Patrick Wardle showed in a presentation at the recent Black Hat conference that crash reports, which are often overlooked, can be an invaluable source of information. Crash reports can provide useful information about bugs and even malware.
Schlatter cyberattack
Swiss industrial welding and weaving machine manufacturer Schlatter Group has been targeted in a cyberattack. The attack involved malware, and cybercriminals are attempting to blackmail the company, which suggests that Schlatter was targeted in a ransomware attack. An investigation aims to determine whether any data was stolen.
Russian government and firms targeted in CloudSorcerer attacks
Kaspersky reported that a threat actor tracked as CloudSorcerer has been targeting Russian government organizations and IT companies. The campaign has been named EastWind. Links have been found between some of the tools used by CloudSorcerer and tools previously tied to Chinese threat groups.
ValleyRAT campaign targeting Chinese speakers
Fortinet has published a deep dive into an ongoing ValleyRAT campaign targeting Chinese speakers. The malware enables threat actors to monitor the victim’s activities and deliver other malware and plugins. ValleyRAT has been attributed to an APT group named Silver Fox.
States secure $4.5 million from biotech company following ransomware attack
Biotech company Enzo Biochem has agreed to pay $4.5 million to the attorneys general of New York, New Jersey and Connecticut. The AGs claim the company had poor data security practices, which came to light in 2023, when a ransomware group breached the company’s systems and stole information on 2.4 million individuals.
NetSuite issue can expose sensitive data
A common Oracle NetSuite misconfiguration can lead to the exposure of sensitive data, AppOmni reported. Thousands of SuiteCommerce websites are impacted, often exposing personal information of customers, including addresses and phone numbers.
Related: In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims
Related: In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale
