SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Former-Uber CSO wants conviction overturned or new trial
Joe Sullivan, the former Uber CSO convicted last year for covering up the data breach suffered by the ride-sharing giant in 2016, has asked an appellate court to overturn his conviction or grant him a new trial. Sullivan was sentenced to three years of probation and Law.com reported this week that his lawyers argued in front of a three-judge panel that the jury was not properly instructed on key aspects.
Microsoft: 15,000 emails with malicious QR codes sent to education sector every day
According to Microsoft’s latest Cyber Signals report, which focuses on cyberthreats to K-12 and higher education institutions, more than 15,000 emails containing malicious QR codes have been sent daily to the education sector over the past year. Both profit-driven cybercriminals and state-sponsored threat groups have been observed targeting educational institutions. Microsoft noted that Iranian threat actors such as Peach Sandstorm and Mint Sandstorm, and North Korean threat groups such as Emerald Sleet and Moonstone Sleet have been known to target the education sector.
Protocol vulnerabilities expose ICS used in power stations to hacking
Claroty has disclosed the findings of research conducted two years ago, when the company looked at the Manufacturing Messaging Specification (MMS), a protocol that is widely used in power substations for communications between intelligent electronic devices and SCADA systems. Five vulnerabilities were found, allowing an attacker to crash industrial devices or remotely execute arbitrary code.
Dohman, Akerlund & Eddy data breach impacts 82,000 people
Accounting firm Dohman, Akerlund & Eddy (DA&E) has suffered a data breach impacting over 82,000 people. DA&E provides auditing services to some hospitals and a cyber intrusion — discovered in late February — resulted in protected health information being compromised. Information stolen by the hackers includes name, address, date of birth, Social Security number, medical treatment/diagnosis information, dates of service, health insurance information, and treatment cost.
Cybersecurity funding plummets
Funding to cybersecurity startups dropped 51% in Q3 2024, according to Crunchbase. The total amount invested by venture capital firms into cyber startups dropped from $4.3 billion in Q2 to $2.1 billion in Q3. However, investors remain optimistic.
National Public Data files for bankruptcy after massive breach
National Public Data (NPD) has filed for bankruptcy after suffering a massive data breach earlier this year. Hackers claimed to have obtained 2.9 billion data records, including Social Security numbers, but NPD claimed only 1.3 million individuals were impacted. The company is facing lawsuits and states are demanding civil penalties over the cybersecurity incident.
Hackers can remotely control traffic lights in the Netherlands
Tens of thousands of traffic lights in the Netherlands can be remotely hacked, a researcher has discovered. The vulnerabilities he found can be exploited to arbitrarily change lights to green or red. The security holes can only be patched by physically replacing the traffic lights, which authorities plan on doing, but the process is estimated to take until at least 2030.
US, UK warn about vulnerabilities potentially exploited by Russian hackers
Agencies in the US and UK have released an advisory describing the vulnerabilities that may be exploited by hackers working on behalf of Russia’s Foreign Intelligence Service (SVR). Organizations have been instructed to pay close attention to certain vulnerabilities in Cisco, Google, Zimbra, Citrix, Microsoft, Apache, Fortinet, JetBrains, and Ivanti products, as well as flaws found in some open source tools.
New vulnerability in Flax Typhoon-targeted Linear Emerge devices
VulnCheck warns of a new vulnerability in the Linear Emerge E3 series access control devices that have been targeted by the Flax Typhoon botnet. Tracked as CVE-2024-9441 and currently unpatched, the bug is an OS command injection issue for which proof-of-concept (PoC) code exists, allowing attackers to execute commands as the web server user. There are no signs of in-the-wild exploitation yet and not many vulnerable devices are exposed to the internet.
Tax extension phishing campaign abuses trusted GitHub repositories for malware delivery
A new phishing campaign is abusing trusted GitHub repositories associated with legitimate tax organizations to distribute malicious links in GitHub comments, leading to Remcos RAT infections. Attackers are attaching malware to comments without having to upload it to the source code files of a repository and the technique allows them to bypass email security gateways, Cofense reports.
CISA urges organizations to secure cookies managed by F5 BIG-IP LTM
The US cybersecurity agency CISA is raising the alarm on the in-the-wild exploitation of unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to identify network resources and potentially exploit vulnerabilities to compromise devices on the network. Organizations are advised to encrypt these persistent cookies, to review F5’s knowledge base article on the matter, and to use F5’s BIG-IP iHealth diagnostic tool to identify weaknesses in their BIG-IP systems.
Related: In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks
Related: In Other News: Doxing With Meta Ray-Ban Glasses, OT Hunting, NVD Backlog
