June 14, 2024 at 10:27AM
SecurityWeek curates a weekly roundup of cybersecurity stories, focusing on diverse developments like Chinese cyberspies hacking Fortinet devices, a White House initiative to secure rural hospitals, vulnerabilities in biometric access systems, ICS malware Fuxnet, EU’s encryption backdoor push, and more. Microsoft will evaluate employees’ cybersecurity work for compensation. US federal agencies reported 32,000+ cybersecurity incidents.
This week's cybersecurity developments, in summary:
1. Dutch agencies revealed a large-scale cyberespionage campaign exploiting a Fortinet product vulnerability, affecting at least 20,000 systems.
2. The White House introduced an initiative focusing on improving the security of rural hospital systems, with contributions from Microsoft and Google in the form of free and discounted security products and services.
3. Kaspersky identified multiple vulnerabilities in ZKTeco biometric access systems, potentially enabling unauthorized access and data theft. The vendor’s response to the reported flaws remains unclear.
4. Dragos released a report on Fuxnet, an ICS malware that targeted a Moscow infrastructure firm.
5. A new EU law enforcement report emphasizes finding a balance between privacy and security, particularly in relation to the implementation of encryption backdoors in communications.
6. A proof-of-concept exploit for a recently patched Ivanti EPM vulnerability was released by Horizon3.ai.
7. CISA warned about phone scammers impersonating its employees and clarified that it would never request money or cryptocurrency over the phone.
8. Austrian privacy group NOYB filed a complaint against Google over the company’s use of Privacy Sandbox for user tracking.
9. Microsoft announced that cybersecurity work will now be a factor in employee performance reviews and compensation.
10. A White House FISMA report disclosed that federal agencies reported 32,211 cybersecurity incidents in fiscal year 2023, reflecting a nearly 10% increase from the previous year.