SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Team Software data breach impacts 100,000 people
Business software maker Team Software (WorkWave) revealed this week that a recent data breach impacts nearly 100,000 individuals. The company said it detected unauthorized access to its network in late July and an investigation showed that the compromised systems stored personal information.
DDoS attack disrupts credit card readers in Israel
A DDoS attack disrupted credit card readers at gas stations and supermarkets in Israel. The provider impacted by the attack, Hyp Credit Guard, said the attack lasted for roughly one hour and targeted its services as well as communication suppliers. The company said it quickly managed to block the attack.
Researcher finds many macOS sandbox escape vulnerabilities
Researcher Mickey Jin has discovered more than 10 macOS sandbox escape vulnerabilities related to what he described as an overlooked attack surface involving XPC services. Apple was informed about the findings and patched a majority of them, but the researcher says there are still a few that are in the process of being fixed. Sandbox escapes are very valuable to threat actors as they increase the impact of remote code execution vulnerabilities, which would otherwise be constrained to the sandbox environment.
TSA proposes cyber risk management and reporting requirements for pipelines and railroads
The TSA has proposed a new rule that would require pipeline and railroad owners and operators to establish cyber risk management programs. These surface transportation entities would also have to report cybersecurity incidents to the cybersecurity agency CISA.
Microsoft Visio files abused in phishing attacks
Perception Point has seen cybercriminals leveraging a new type of two-step phishing attack that involves Microsoft Visio files (.vsdx) and SharePoint to evade detection. The attacks start with emails sent out from compromised accounts. The emails deliver links to SharePoint pages that host Visio files, which redirect users to Microsoft credential phishing pages. Hundreds of organizations worldwide have been targeted.
Black hat SEO in Japan
Trend Micro in collaboration with academics and authorities in Japan conducted research into threat groups specializing in black hat search engine optimization (SEO), including their malware and poisoning attacks. The threat actors’ goal is to lure users to fake e-commerce sites.
Hamas-linked hackers expand from espionage to disruptive attacks
Wirte, a Hamas-linked threat actor, has expanded its operations, from espionage to disruptive attacks involving wiper malware, according to Check Point. The security firm said it found “clear links” between a custom malware used by Wirte and a wiper that was used to target Israeli entities in attacks observed in February and October 2024.
North Korea-linked macOS malware abuses Flutter
Jamf researchers found malware samples that abuse Flutter, Google’s open source UI software development kit, to obfuscate malicious code. The malware targets macOS and it has been linked to North Korean hackers. The researchers said it’s possible that the malware wasn’t actually used in attacks and instead it’s part of tests conducted by the hackers to see if they can bypass detection and pass Apple’s notarization.
Three individuals arrested and charged in US over SIM swapping
Three residents of Indiana have been arrested and charged over their alleged roles in a SIM swapping operation. The suspects are Indigo Kiara Graham, Cortez Tarmar Crawford, and Trevon Demar Allen. According to authorities, the defendants created fraudulent IDs in victims’ names, performed SIM swaps in exchange for money, and obtained 2FA codes. The SIM swapping ultimately allowed money and data theft, with some victims being extorted in exchange for restoring access to their data.
New real-time protections in Android
Google this week announced two new real-time protection features in Android, namely Scam Detection in Phone and Google Play Protect live threat detection. The former, now rolling out to Pixel devices, uses on-device AI to notify users of potential scam calls by detecting conversation patterns commonly associated with scams. The latter, available for Pixel 6 and later devices, analyzes the activity patterns of apps to deliver real-time alerts on potentially harmful software, with an initial focus on stalkerware.