In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Old Windows vulnerability exploited by Chinese hackers

Chinese hacking group APT41 has leveraged an old Windows vulnerability tracked as CVE-2018-0824 in attacks delivering malware to a Taiwanese government-affiliated research institute, Cisco Talos reported. Following Talos’ report, CISA added the flaw to its Known Exploited Vulnerabilities Catalog.

Cyber Threat Intelligence Capability Maturity Model

More than two dozen cybersecurity industry leaders have joined forces to create the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), a vendor-agnostic resource designed for all organizations across the threat intelligence industry. The new maturity model aims to bridge the gap between cyber threat intelligence programs and organizational objectives. 


Vulnerabilities in Johnson Controls exacqVision allow hijacking of security camera video streams

Nozomi Networks has disclosed information on six vulnerabilities discovered in Johnson Controls’ exacqVision IP video surveillance product. The flaws can allow hackers to gain access to the system and hijack video streams from impacted surveillance cameras. CISA has published individual advisories for each of the vulnerabilities. 

‘0.0.0.0 Day’ vulnerability allows malicious websites to breach local networks

A vulnerability dubbed 0.0.0.0 Day, related to browsers treating the 0.0.0.0 IP address as an alias for the local host, can allow malicious websites to bypass browser security and interact with services on the local network. All major browsers are impacted, and an attacker can interact with software running locally on Linux and macOS systems. Browser makers are working on addressing the risks.
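The fix the roundup refers to is on the browser side, but a service that listens on loopback can also refuse to be driven by an arbitrary website, whichever address the browser used to reach it. The following is an added example written for this page, not code from SecurityWeek, from any browser vendor or from the researchers who reported the issue. It checks the Host, Sec-Fetch-Site and Origin headers of an incoming request against a small allow-list; the header names are standard, while the allow-list values, the `evaluate_request` function and the constructed sample headers are this example's assumptions.

```python
import re

# Added defensive example (not from the page or any vendor). Models the check
# a loopback-only HTTP service can apply so that a page from another website
# cannot drive it, whether the browser reached it via 0.0.0.0, localhost or
# 127.0.0.1. Header names are real HTTP / Fetch Metadata headers; the policy
# values below are assumptions chosen for this example.

# Host names a loopback-only service legitimately answers to. 0.0.0.0 is
# deliberately absent: no well-formed client should name it in Host.
TRUSTED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Host header grammar: bracketed IPv6 literal or a plain name, optional :port.
_HOST_RE = re.compile(r"(\[[^\]]+\]|[^:\s]+)(?::(\d+))?")


def split_host(host, default_port=80):
    """Split a Host header into (name, port); (None, None) if malformed.

    A Host without an explicit port means the HTTP default (80), so a service
    on another port will not match it, which is the strict, intended outcome.
    """
    m = _HOST_RE.fullmatch(host.strip())
    if not m:
        return None, None
    port = int(m.group(2)) if m.group(2) else default_port
    return m.group(1).lower(), port


def evaluate_request(headers, port):
    """Decide whether a request to a loopback service on `port` is trusted.

    `headers` maps HTTP header names (any case) to values.
    Returns (allowed, reason). Checks run in order: Host, Sec-Fetch-Site, Origin.
    """
    h = {k.lower(): v for k, v in headers.items()}

    host = h.get("host")
    if host is None:
        return False, "missing Host header"
    name, hport = split_host(host)
    if name is None:
        return False, "malformed Host header"
    if name == "0.0.0.0":
        return False, "Host names 0.0.0.0"
    if name not in TRUSTED_HOSTS or hport != port:
        return False, f"unexpected Host {host!r}"

    # Fetch Metadata: browsers add this to requests they initiate, and
    # "cross-site" means a page from a different site issued the request.
    if h.get("sec-fetch-site", "").lower() == "cross-site":
        return False, "cross-site request per Sec-Fetch-Site"

    # Origin accompanies CORS and POST-style requests; only the service's own
    # loopback origins may script it. An opaque "null" origin is untrusted.
    origin = h.get("origin")
    if origin is not None:
        allowed_origins = {f"http://{n}:{port}" for n in TRUSTED_HOSTS}
        if origin.lower().rstrip("/") not in allowed_origins:
            return False, f"untrusted Origin {origin!r}"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers, as a browser or CLI client might send them.
    samples = [
        {"Host": "127.0.0.1:8080"},
        {"Host": "0.0.0.0:8080", "Origin": "https://attacker.example"},
        {"Host": "localhost:8080", "Origin": "https://attacker.example"},
        {"Host": "localhost:8080", "Origin": "http://localhost:8080"},
        {"Host": "localhost:8080", "Sec-Fetch-Site": "cross-site"},
    ]
    for hdrs in samples:
        print(hdrs, "->", evaluate_request(hdrs, 8080))
```

The Host check alone already rejects requests that arrive addressed to 0.0.0.0; the Origin and Sec-Fetch-Site checks cover the case where the browser reached the service through an accepted name but on behalf of a page from somewhere else, which is the same class of exposure.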

CrowdStrike 2024 Threat Hunting Report

CrowdStrike has published its 2024 Threat Hunting Report based on data collected from tracking over 245 threat groups. The company has seen an 86% increase in hands-on-keyboard activity, and a 70% increase in adversaries exploiting remote monitoring and management (RMM) tools. 

Vulnerabilities in KnowBe4 products 

Pen Test Partners claims to have found serious remote code execution and privilege escalation vulnerabilities in three products offered by cybersecurity firm KnowBe4, specifically in Phish Alert Button, PasswordIQ, and Second Chance. Pen Test Partners has described its findings, claiming that KnowBe4 downplayed the potential impact of the vulnerabilities. KnowBe4 has not responded to SecurityWeek’s request for comment. 

Police recover $40 million lost by company in BEC scam

Interpol announced that law enforcement has managed to recover more than $40 million lost by a company in Singapore as a result of a BEC scam. The money was transferred to accounts in the Southeast Asian nation of Timor Leste. Local authorities arrested seven suspects. 

SEC ends MOVEit probe

The SEC announced that it has ended its investigation into Progress Software over the MOVEit hack. The SEC said it does not intend to recommend an enforcement action against the company at this time.

Royal ransomware group rebrands as BlackSuit

CISA and the FBI announced that the ransomware group known as Royal has rebranded as BlackSuit. The agencies said the cybercriminals have demanded over $500 million in total, with the largest individual ransom demand being $60 million.

SOCRadar responds to hacking claims

Security firm SOCRadar has responded to claims by a hacker who allegedly extracted over 330 million email addresses from the company. SOCRadar said its systems were not breached and there was no unauthorized access to customer data. Its probe showed that the hacker gained access to some data by acquiring a license under a legitimate company’s name. This gave the attacker access to information and functionality just like any other customer. The hacker is known to make exaggerated claims. 

Exposed token could have led to major Python supply chain attack

JFrog researchers discovered an exposed token that provided access to GitHub repositories of Python, PyPI and the Python Software Foundation. The PyPI security team revoked the token within 17 minutes of being notified. An attacker could have leveraged the token for an “extremely large scale supply chain attack”. Details were published by both JFrog and the PyPI developer who accidentally leaked the token. 
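Leaks of this kind are usually caught, when they are caught early, by a secret scanner running as a pre-commit hook or over repository contents. The following is an added example written for this page; it is not JFrog's, PyPI's or GitHub's own tooling. It scans text for strings shaped like GitHub personal access tokens, reports each hit with a redacted value and a line number, and uses a simple entropy test to separate documentation placeholders from generated-looking tokens. The token shapes (a `ghp_` prefix plus 36 alphanumerics for classic tokens, a `github_pat_` prefix plus 82 characters for fine-grained ones), the entropy threshold and the sample input are assumptions of this example; the sample values are synthetic.

```python
import math
import re
import string
from collections import Counter

# Added example (not the tooling of JFrog, PyPI or GitHub): a minimal secret
# scanner of the kind run as a pre-commit hook or over repository history.
# Token shapes below are assumptions about GitHub's public token formats.
TOKEN_PATTERNS = {
    "github_classic_pat": ("ghp_", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    "github_fine_grained_pat": (
        "github_pat_",
        re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
    ),
}

# Below this many bits per character the token body looks like a placeholder
# such as "ghp_xxxx..." rather than a generated secret. Tuning assumption.
PLACEHOLDER_ENTROPY = 3.0


def shannon_entropy(s):
    """Bits per character of the string's empirical symbol distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token):
    """Keep enough of a token to correlate a finding, never the full value."""
    return f"{token[:4]}...{token[-4:]}"


def scan_text(text):
    """Scan text line by line; return findings ordered by line and column."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, (prefix, pattern) in TOKEN_PATTERNS.items():
            for m in pattern.finditer(line):
                token = m.group(0)
                body = token[len(prefix):]
                verdict = (
                    "placeholder"
                    if shannon_entropy(body) < PLACEHOLDER_ENTROPY
                    else "candidate"
                )
                findings.append({
                    "line": lineno,
                    "col": m.start() + 1,
                    "kind": kind,
                    "redacted": redact(token),
                    "verdict": verdict,
                })
    findings.sort(key=lambda f: (f["line"], f["col"]))
    return findings


def should_block_commit(findings):
    """A pre-commit hook refuses the commit on any generated-looking token."""
    return any(f["verdict"] == "candidate" for f in findings)


# Constructed sample input, as it might appear in a diff. No real credentials:
# the classic token is hand-typed, the fine-grained body is a cyclic alphabet.
_FINE_GRAINED_BODY = ((string.ascii_letters + string.digits) * 2)[:82]
SAMPLE_TEXT = "\n".join([
    "# settings.env committed by mistake (constructed)",
    "GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8",
    "GH_FINE=github_pat_" + _FINE_GRAINED_BODY,
    "# README: export GITHUB_TOKEN=ghp_" + "x" * 36,
    "repo=https://github.com/python/cpython",
])


if __name__ == "__main__":
    results = scan_text(SAMPLE_TEXT)
    for f in results:
        print(f"line {f['line']} col {f['col']}: {f['kind']} "
              f"{f['redacted']} [{f['verdict']}]")
    print("block commit:", should_block_commit(results))
```

Pattern matching finds the token; the entropy check keeps a hook from rejecting every README that shows `ghp_xxxx...` as an example, which is what makes such a hook tolerable enough to stay enabled. Rotation, as in the 17-minute revocation the roundup describes, remains the response once a real token has left the machine.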

US charges man who helped North Korean IT workers 

The US Justice Department has charged a man from Nashville, Tennessee, for helping North Koreans get remote IT jobs at American and British companies by running a laptop farm. Even cybersecurity companies have unwittingly hired North Korean IT workers. A woman from the US was also charged earlier this year for helping North Korean IT workers infiltrate hundreds of US firms. 

Related: In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale

Related: In Other News: FBI Cyber Action Team, Pentagon IT Firm Leak, Nigerian Gets 12 Years in Prison
