1 month ago
11
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Singapore’s 2024 OT cybersecurity masterplan
Singapore’s Cyber Security Agency (CSA) has announced an updated operational technology (OT) cybersecurity masterplan. In the updated masterplan, CSA will promote the adoption of Secure-by-Deployment principles.
Russian accused of laundering cryptocurrency for North Korean hackers arrested in Argentina
TRM Labs reported that Argentinian authorities have arrested a Russian national accused of helping hackers and others launder cryptocurrency. Authorities seized millions of dollars in assets from his operation. He is accused of providing services to North Korea’s Lazarus Group, child abusers, and terrorist financiers.
Advertisement. Scroll to continue reading.
Preventing rather than correcting errors in quantum computing
Scientists led by Peng Wei at the California Riverside (UCR) have developed a new superconductor that could be used in quantum computing to reduce decoherence (the loss of qubit stability). Error correction is a current major approach, but this requires a huge increase in qubit numbers to correct the errors. Preventing errors would be an alternative solution. This is expected from the new superconductor. “Our material could be a promising candidate for developing more scalable and reliable quantum computing components,” Wei said.
Travel websites exposed to attacks
An analysis of the top 10 travel and hospitality websites conducted by Cequence showed that increased website traffic during peak seasons coincides with a surge in cyberattacks. The analysis found that a vast majority of these companies have serious vulnerabilities and expose non-production or internal application servers.
Automotive cybersecurity CTF
Automotive cybersecurity firms VicOne and Block Harbor have announced the Automotive Capture the Flag (CTF) 2024 competition. The Automotive CTF challenge provides cybersecurity practitioners a platform for learning and upskilling, and offers more than $100,000 in prizes.
Publicly exposed GenAI development services
Legit Security has analyzed the risks associated with publicly exposed gen-AI development services, specifically vector databases and LLM tools, and found potential data leakage and vulnerabilities.
Mirai botnet infects AVTECH CCTV cameras via zero-day
A Mira-based botnet has been infecting AVTECH CCTV cameras by exploiting a zero-day vulnerability in their brightness function. Tracked as CVE-2024-7029, the bug leads to remote code execution (RCE). In early August, CISA warned that AVTECH had not responded to requests to address the flaw. The botnet, however, targets multiple other vulnerabilities as well, Akamai reports.
Deepfake scam campaigns target users in multiple countries
Palo Alto Networks has uncovered over 170 websites promoting dozens of scam campaigns that rely on deepfake videos to promote fake investment schemes and government-backed giveaways. Each of the websites has been accessed more than 100,000 times, suggesting that millions might have been exposed to the AI-generated deepfakes. The campaigns have targeted individuals in Canada, Czechia, France, Italy, Kazakhstan, Mexico, Singapore, Turkey, and Uzbekistan.
Users in the Middle East targeted with fake Palo Alto GlobalProtect tool
A threat actor has been targeting users in the Middle East with sophisticated malware posing as the legitimate Palo Alto GlobalProtect tool, Trend Micro reports. Likely delivered via phishing, the malware harvests system information and supports the execution of various commands, including PowerShell execution, process creation, and file download/upload.
Related: In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack