1 week ago
6
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
US agency’s employees warned about phone use in light of China hack
The US Consumer Financial Protection Bureau has warned employees that work-related meetings and conversations involving non-public data should only be held on platforms such as Teams and WebEx, not on work-issued or personal phones, the Wall Street Journal reported. The warning comes in light of revelations that a Chinese threat group tracked as Salt Typhoon has hacked into the systems of AT&T, Verizon and other telecoms companies in search of sensitive information.
Lastpass warns of phishing campaign
Password manager Lastpass is warning customers about a phishing campaign that lures potential victims with comments posted on the Lastpass page on the Chrome Web Store. Victims are told to call a number for online support and the person who picks up the phone instructs them to visit a phishing website.
Advertisement. Scroll to continue reading.
Okta vulnerability
Okta recently patched a vulnerability that could be exploited by an attacker to authenticate by providing the username with the stored cache key of a previous successful authentication. Several conditions needed to be met for the exploit to work, including the attacker having a username that exceeded 52 characters. The long username is a good indicator of compromise (IoC).
Data breaches with over 100,000 victims
Two companies disclosed data breaches this week that impacted over 100,000 individuals. Law firm Montlick & Associates informed the Maine attorney general of an incident involving unauthorized access to its network and the exfiltration of files containing personal information, including Social Security numbers. The company has determined that over 138,000 people are impacted.
Separately, custom blinds and shades provider SelectBlinds informed the Maine AG about a data breach impacting more than 206,000 individuals. Cybercriminals planted malware on the company’s website, which enabled them to obtain payment cards and other information belonging to SelectBlinds customers. The malware was on the company’s site for more than eight months.
Chrome 130 security update
Google has released a Chrome 130 security update that patches two high-severity use-after-free vulnerabilities reported by external researchers in September and October. The latest browser iteration is now rolling out as versions 130.0.6723.116/.117 for Windows and macOS, and as version 130.0.6723.116 for Linux.
China’s Volt Typhoon reportedly hacked Singtel
In June, Chinese state-sponsored threat actor Volt Typhoon breached Singapore-based telecommunications provider Singtel, likely as part of a test run for further hacks, which targeted US carriers, Bloomberg reports. Volt Typhoon, previously said to be pre-positioning itself in critical infrastructure networks in preparation for future attacks, reportedly deployed a web shell as part of the Singtel hack.
North Koreans update tools to land remote jobs in the West
The threat actors behind the widespread North Korean fake IT worker schemes uncovered over the past months have been updating the tools used to steal data and leverage it to land remote jobs in the West, Zscaler reports. The attackers have expanded operations across the Windows and macOS operating systems, have infected over 100 devices with updated scripts, and have stolen source code and personal and cryptocurrency information.
Nigerian police arrest 130 suspected cybercriminals
Nigerian police have arrested 130 individuals, including 113 foreigners and 17 locals, suspected of being involved in hacking and other cybercrimes. The foreigners are mainly Chinese and Malaysian nationals.
GuLoader targeting European industrial companies
Industrial organizations in Germany, Kazakhstan, Poland, Romania, and other European countries have been targeted in a recent GuLoader campaign, Cado Security says. Delivered through spearphishing messages that hijack existing email threads or request information on an order, GoLoader is then used to deploy other malware, including remote access trojans (RATs). The attacks feature updated techniques and a complex infection chain meant to evade detection.
HackerOne report: organizations and researchers feel impact from AI
As organizations are improving engagement with the security research community, both sides are pointing out the security risks associated with the rise of generative AI, the latest annual HackerOne report shows. As security researchers begin specializing in AI to meet demand for testing, most organizations believe generative AI will impact their operations but remain confident they can secure its use.
Related: In Other News: China Making Big Claims, ConfusedPilot AI Attack, Microsoft Security Log Issues