In Other News: Cloudflare Abuse, UK and EU Cybersecurity Reports, FBI Gen-AI Alert


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

Large US organization targeted by Chinese hackers

Symantec reported that a large US organization with a significant presence in China was hacked by threat actors likely based in China. The attackers had access to its network for four months and their likely goal was intelligence gathering. 

FBI warning on gen-AI used for financial fraud

The FBI this week issued an alert (PDF) on cybercriminals relying on generative artificial intelligence (gen-AI) to commit financial fraud at large scale. Using gen-AI, threat actors quickly generate believable text, fictitious social media profiles, images, audio, video, and other types of content that they then distribute for fraud and extortion, the FBI says.


Vodka maker files for bankruptcy in US after ransomware attack

Stoli USA, vodka maker Stoli Group’s US subsidiary, has filed for bankruptcy after its operations were significantly disrupted in an August 2024 ransomware attack that disabled the group’s enterprise resource planning (ERP) system. Originally from Russia, Stoli has been persecuted by the Moscow regime for supporting Ukraine. In July 2024, the group’s Russian subsidiaries were confiscated by the government, Stoli USA said in a regulatory filing.

UK and EU release cybersecurity reports

The UK’s National Cyber Security Centre (NCSC) has published its 2024 Annual Review report, which highlights the agency’s work and the threats faced by the country. Separately, the EU’s cybersecurity agency ENISA has published its first ever report on the state of cybersecurity in the European Union. The report also includes policy recommendations to address identified shortcomings and increase the EU’s level of cybersecurity. 

Open source trends and security challenges described in new Linux Foundation report

The Linux Foundation has published a new report on the use of free and open source software, highlighting several usage trends and security-related aspects, such as the increasing importance of securing individual developer accounts, and the persistence of legacy software. 

Cloudflare services abused for phishing, state-sponsored attacks

Separate reports published this week by Fortra and Recorded Future describe abuse of Cloudflare services. Fortra reported that the internet company’s pages.dev and workers.dev domains are increasingly abused for phishing. Recorded Future found that a Russian state-sponsored threat group named BlueAlpha has targeted Ukraine in attacks involving the use of Cloudflare Tunnels to conceal staging infrastructure used by its malware. 

WAF bypass impacts numerous Fortune 100 companies

Misconfigurations in popular web application firewall (WAF) services can allow threat actors to bypass protections and attack web applications and load balancers directly, Zafran reports. Because modern WAF providers also act as content delivery network (CDN) providers, the CDN sits in front of the application as a reverse proxy, which means the origin servers behind it must remain reachable from the internet so the provider can forward traffic to them. If an origin does not validate that incoming requests actually arrived through the CDN/WAF (for example, by restricting access to the provider's published IP ranges, requiring a shared secret header, or using mutual TLS), an attacker who discovers the origin's address can send requests to the backend directly and skip the WAF entirely. Akamai, Cloudflare, Fastly, Imperva and others are affected, and Zafran mapped roughly 8,000 domains to 36,000 backend servers exposed in this way.
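To make the misconfiguration concrete, here is an added example (not code from Zafran's report or from any CDN vendor) of the origin-side check in both its weak and hardened forms. The CDN IP ranges, the header name and the secret are constructed placeholders; a real origin would load the provider's published ranges and its own secret. The hardened check looks at the TCP peer address rather than X-Forwarded-For, which an attacker connecting directly can set to anything, and it also requires a shared secret that only the legitimately configured WAF injects, so that a request relayed through the same provider by an attacker's own account is still rejected.

```python
"""Origin-side validation that a request came through the CDN/WAF.

Added example, not the report's or any vendor's code. CDN_RANGES,
ORIGIN_SECRET_HEADER and ORIGIN_SECRET are constructed placeholders.
"""
import hmac
import ipaddress
from dataclasses import dataclass

# Placeholder networks standing in for a CDN provider's published egress ranges.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]

# Hypothetical header the WAF is configured to add to every forwarded request.
ORIGIN_SECRET_HEADER = "X-Origin-Token"
ORIGIN_SECRET = b"s3cr3t-example-only"  # constructed; never hard-code in production


@dataclass
class Request:
    peer_ip: str      # TCP peer address as the origin's socket sees it
    headers: dict     # HTTP request headers


def weak_accept(req: Request) -> bool:
    """The exposed configuration: the origin trusts anyone who can reach it.
    Whoever learns the origin's address talks to the backend without a WAF."""
    return True


def hardened_accept(req: Request) -> bool:
    """Accept only if the TCP peer is a CDN address AND the shared secret is present.

    The peer address (not X-Forwarded-For) is checked because XFF is
    attacker-controlled when the request did not come through the proxy.
    The secret defends against an attacker fronting the origin with their
    own account at the same CDN, which would pass an IP-only allowlist.
    """
    try:
        peer = ipaddress.ip_address(req.peer_ip)
    except ValueError:
        return False
    if not any(peer in net for net in CDN_RANGES):
        return False
    token = req.headers.get(ORIGIN_SECRET_HEADER, "")
    return hmac.compare_digest(token.encode(), ORIGIN_SECRET)


# Constructed sample traffic as the origin would observe it.
SAMPLES = {
    # Legitimate: arrives from the CDN with the secret header.
    "via_cdn": Request("203.0.113.10", {ORIGIN_SECRET_HEADER: "s3cr3t-example-only"}),
    # Direct hit on the origin; attacker forges XFF and has guessed the header value.
    "direct_spoofed_xff": Request(
        "198.51.100.7",
        {"X-Forwarded-For": "203.0.113.10", ORIGIN_SECRET_HEADER: "s3cr3t-example-only"},
    ),
    # Relayed through the same CDN by an attacker-controlled account: right IP, no secret.
    "cdn_ip_no_token": Request("203.0.113.10", {}),
}


def evaluate() -> dict:
    """Return {sample: (weak_result, hardened_result)} for each constructed request."""
    return {name: (weak_accept(r), hardened_accept(r)) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, (weak, hard) in evaluate().items():
        print(f"{name:20s} weak={weak!s:5s} hardened={hard}")
```

In practice the same two controls are usually applied at the network edge (a security group or firewall allowlist for the provider's ranges) and at the TLS layer (mutual TLS with a certificate only the CDN holds), and the provider's IP list must be refreshed as it changes; the point of the example is that an IP allowlist alone does not close the "attacker relays through their own CDN account" path.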

New CISA resources

The US cybersecurity agency CISA this week released a new version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document, which describes common data schema to ensure consistency across federal agencies, reduce threat surface, increase visibility, and improve response capabilities. 

In partnership with government agencies from Five Eyes countries, CISA also announced an update to its Secure by Design guidance on choosing secure and verifiable technologies, which aims to help procuring organizations and makers of digital products and services to choose and build secure-by-design technologies.

Russian authorities confiscated programmer’s phone and returned it with spyware installed

First Department and Citizen Lab describe the case of a Russian programmer accused by Russian authorities of sending money to Ukraine. The authorities confiscated his phone and attempted to recruit him as an FSB informant; when they returned the device, it had spyware installed on it. The spyware resembles Monokle, which is developed by a Russian company.

Related: In Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses Logs

Related: In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit 
