March 22, 2024 at 11:36AM
SecurityWeek compiles cybersecurity news, featuring stories often overlooked. This week highlights discoveries including keyboard typing sounds exposing sensitive data, ICS attacks in the second half of 2023, DHS unveiling an AI roadmap, Ukrainian hackers arrested, Google’s post-quantum cryptography threat model, and more. Additionally, Google is offering rewards for improving its Tsunami network security scanner.
From the meeting notes, it is clear that the following are the notable cybersecurity stories for this week:
1. Acoustic Side-Channel Attack: Research reveals a new acoustic side-channel attack using the sounds made by a keyboard to obtain sensitive user data with a 43% success rate.
2. ICS Attacks Report: Kaspersky releases a report on ICS threats indicating that approximately 31% of protected ICS computers were targeted in the second half of 2023.
3. DHS AI Roadmap: The US Department of Homeland Security shares its Artificial Intelligence Roadmap, outlining how AI technologies could help protect privacy, civil liberties, and deliver essential goods and services, and announces three pilot programs to assess the efficacy of AI.
4. Ukrainian Hackers Arrest: Ukrainian police arrest individuals involved in stealing and attempting to sell over 100 million email and Instagram account credentials, seizing computer equipment and more than $3,000 in cash.
5. Google’s Post-Quantum Cryptography: Google discusses its threat model for post-quantum cryptography, noting the main risk for a cryptographically relevant quantum computer within a 10-15 year timeframe.
6. Google’s Rewards Program: Google offers rewards for AI-focused improvements to its Tsunami network security scanner, seeking help in securing open source AI infrastructure.
7. Zoom’s Compliance Manager: Zoom launches its Compliance Manager to help organizations meet regulatory requirements and mitigate communications compliance risks across the platform.
8. Chinese Integrated Operations Platform and Hacking: BishopFox details the integrated operations platform of Chinese company I-Soon and Mandiant observes Chinese hacking groups targeting defense contractors and government entities.
9. Zephyr OS Vulnerability: A vulnerability in Zephyr OS renders protections against IP address spoofing attacks useless, exposing the operating system to DoS attacks.
10. DHCP Administrators’ Privilege Escalation: Akamai discovers that DHCP administrators in Active Directory environments can leverage the DHCP server role to escalate privileges and potentially compromise the entire domain.
These are the key takeaways from this week’s cybersecurity news roundup.