SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

23andMe agrees to $30 million settlement in data breach lawsuit

Personal genetics firm 23andMe has agreed to pay $30 million in cash to settle a class action lawsuit filed over a 2023 data breach impacting millions of individuals. The $30 million payment would settle all claims and $25 million of that amount is expected to be covered by insurance.

Disney to ditch Slack after July data breach

Disney will stop using Slack for in-house company communication, CNBC reports, months after a hack that involved more than a terabyte of company data being leaked to the public.

Binance warns of malware hijacking cryptocurrency transfers

Binance is warning cryptocurrency holders that so-called ‘clipper malware’ has been increasingly used to steal funds. A spike was seen in late August, when victims suffered significant financial losses. When victims make cryptocurrency transfers and copy/paste the recipient’s wallet address, the malware replaces the legitimate address with one belonging to its operators. 

CISA publishes findings from risk and vulnerability assessments

CISA has published a report describing findings from risk and vulnerability assessments conducted in fiscal year 2023. The findings, based on 143 assessments, show that valid accounts and spearphishing links are the most widely used techniques for obtaining initial access to systems. Valid accounts are also used in many cases for persistence, privilege escalation, and defense evasion. 

US-Taiwan defense industry conference targeted in sophisticated attack

Cyble has uncovered a campaign targeting attendees of an upcoming US-Taiwan defense industry conference. It involves a stealthy fileless attack and its goal is the exfiltration of sensitive data. The attack has not been linked to a specific threat actor, but China appears to be the main suspect. 

Salesforce vulnerability exposed sensitive data

Varonis has disclosed the details of a now-patched Salesforce vulnerability that threat actors could have exploited to retrieve sensitive data. The flaw impacted Salesforce’s public link feature and involved manipulation of API calls and SOQL subqueries to retrieve customer information, including personally identifiable information. 

Rockwell Automation patches remote code execution flaw in RSLogix products

Rockwell Automation this week announced patches for a potential remote code execution vulnerability affecting some RSLogix products. Last week, the company published several advisories to inform customers about critical- and high-severity issues affecting various products. The vulnerabilities can lead to DoS attacks, authentication bypass, information disclosure, and arbitrary code execution.  

US organizations flooded with North Korean fake employees

In addition to fake job offers sent over the internet, North Korean threat actors are looking to compromise US companies with fake employees. KnowBe4 reports that hundreds of organizations have hired North Korean fake employees who passed tight scrutiny by using stolen identities, providing fake resumes, and using AI-enhanced images to look more professional. KnowBe4 itself hired such a worker. 

Meta patch for WhatsApp View Once privacy issue incomplete

Meta has rolled out a WhatsApp update to address a privacy issue where content marked as View Once would remain accessible in WhatsApp Web, through browser extensions that specifically modified the View Once flag to false. The fix, however, is incomplete, as the flag can be modified before the content is saved to the database, and Meta has kept radio silence despite attempting to address the issue, researcher Tal Be’ery, who recently disclosed the bug, says.

Microsoft Entra Internet Access now generally available

Microsoft has announced the general availability of Microsoft Entra Internet Access, a secure web gateway in Entra meant to secure access to internet and SaaS applications and resources. Integrating with Entra ID (formerly Azure AD), Microsoft’s cloud-based identity and access management solution, it allows administrators to protect users, devices, and resources from a single solution.

Related: In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

Related: In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit