SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Spyware found on check-in systems at US hotels
Consumer-grade spyware has been detected on the check-in systems of several Wyndham hotels across the US, TechCrunch reports. The spyware app, called pcTattletale, stealthily captures screenshots of the hotel booking system. Due to a flaw in the spyware, the screenshots, which contain guest details and customer information, are accessible from the internet to anyone who knows how to look for them.
Cellular network flaw exploited for spying, official warns
Cybersecurity researchers have long warned about the risks associated with the use of the SS7 cellular network protocol. A US official now says a flaw that allows spying has been used many times to track individuals in the US.
US concerned China targeting undersea cables for spying
US officials are warning telecommunications companies that undersea cables carrying internet traffic across the Pacific Ocean could be vulnerable to tampering by Chinese repair ships, the WSJ reports.
Cybersecurity funding in Q1 2024
The volume of deals dropped in the first quarter of 2024, but the invested capital increased, according to the latest report from cybersecurity venture capital firm and incubator DataTribe.
Incognito Market owner arrested
The Justice Department announced the arrest of Rui-Siang Lin, aka Pharoah, the alleged operator of the Incognito Marketplace, which sold more than $100 million in illegal narcotics to people around the world.
NIST releases cybersecurity and privacy report for 2023
NIST has published its annual cybersecurity and privacy report for 2023, which outlines the organization’s involvement in the development of international standards, its research and practical applications, its software and supply chain security accomplishments, its work on IoT guidelines, and its autonomous vehicle projects.
Iranian group’s destructive attacks against Israel
Check Point has published a report detailing the activities of the Iranian threat group Void Manticore against Israel, which include destructive wiper attacks and influence operations. The wiper attacks involve Windows and Linux malware, as well as the manual deletion of files.
$4 million Energy Department funding for electric co-ops
The National Rural Electric Cooperative Association has been awarded $4 million by the US Department of Energy to launch a project whose goal is to advance the cybersecurity posture of electric co-ops. Organizations will be provided with new tools that will help them with cyberattack detection, response and recovery.
Secrets leaked by Bitbucket used for unauthorized access to AWS
During an investigation into the exposure of AWS secrets, Mandiant researchers discovered that secrets leaked from Atlassian’s Bitbucket tool have been leveraged by threat actors for unauthorized access to AWS.
Former senior White House cyber official to join CISA
Jeff Greene, a former senior White House cyber official and current cybersecurity programs director at the Aspen Institute, will be joining the cybersecurity agency CISA next month. Some believe he will be replacing Eric Goldstein, CISA’s executive assistant director for cybersecurity, who is leaving the organization for a private sector role. However, CISA could not confirm that Greene is replacing Goldstein.
Federal contractors required to implement quantum attack protection
Companies working with the US government may be required to start protecting their data and technology from quantum computing attacks as soon as July, Bloomberg reports. NIST will specify three types of encryption algorithms that can provide protection against quantum attacks.
UK is not ready for China threat
At the DTX conference in Manchester, Ciaran Martin, former and founding CEO at the UK’s NCSC cybersecurity agency, said, according to The Guardian, “The UK has not paid enough attention to a gamechanging warning from the US that China is planning disruption to key critical infrastructure,” adding, “We should be clear where our red lines are and disruption of civilian infrastructure should be a red line.”