November 10, 2023 at 11:30AM
This week’s cybersecurity roundup includes stories such as a student charged with hacking a shipping company for a fraud scheme, the US offering rewards for information on Iranian cyber actors, Google introducing banners for independently tested apps, and vulnerabilities found in QNAP products and the Zephyr RTOS. It also covers the evolution of Chinese state-sponsored cyber operations, SolarWinds’ response to SEC charges, concerns about a new EU regulation enabling government surveillance, and SentinelOne’s acquisition of the Krebs Stamos Group.
Key takeaways:
1. A University of Miami student has been charged with hacking a shipping company’s employee accounts as part of a $3.5 million fraud scheme that involved buying expensive items and fraudulently claiming full refunds.
2. The US State Department is offering rewards of up to $10 million for information on Iranian cyber actors who have interfered in US elections and targeted critical infrastructure.
3. Google has introduced a new banner for Google Play applications that have undergone independent security testing, starting with VPN applications.
4. CISA has released guidance on when organizations should issue Vulnerability Exploitability eXchange (VEX) information to share information about vulnerabilities and assess associated risks.
5. QNAP has alerted customers about critical vulnerabilities in its products, including flaws that can be exploited for remote code execution.
6. A researcher has discovered a dozen vulnerabilities in the Zephyr real-time operating system (RTOS), which can be exploited for DoS attacks, arbitrary code execution, and more.
7. Recorded Future has published a report on the evolution of Chinese state-sponsored cyber operations, emphasizing a shift towards more targeted approaches supporting strategic, economic, and geopolitical goals.
8. SolarWinds has responded to SEC charges related to its cybersecurity practices leading up to the massive breach, describing the lawsuit as flawed and sharing information to refute false claims.
9. The EFF has issued a warning about a new EU regulation called eIDAS 2.0, which could allow governments to intercept HTTPS communications by forbidding browsers from enforcing certain security requirements on government-appointed CAs.
10. SentinelOne has acquired the Krebs Stamos Group, founded by Chris Krebs and Alex Stamos, and launched a new strategic risk analysis and advisory group called PinnacleOne.