April 12, 2024 at 10:36AM
SecurityWeek’s cybersecurity news roundup provides a concise summary of noteworthy stories that may not receive full articles but are essential for understanding the cybersecurity landscape. This week’s topics include Russia’s attempts to sabotage European railways, a Nigerian national pleading guilty in a BEC scheme, and critical vulnerabilities in various systems. Women in CyberSecurity report highlights gender disparities in the industry.
From the meeting notes, I have extracted the following key takeaways:
1. Russia attempting to sabotage European railways:
– Russia is alleged to have attempted to hack European rail networks to destabilize the EU and sabotage critical infrastructure.
2. Nigerian national pleads guilty in US to role in BEC scheme:
– Oludayo Kolawole John Adeagb, a Nigerian national, has pleaded guilty to his role in a multi-million dollar Business Email Compromise (BEC) scheme.
3. X rushes to fix URL blunder after phishing warning:
– X, formerly Twitter, hastily reversed a change after the cybersecurity community highlighted its potential for phishing attacks.
4. NSA issues data security guidance:
– The NSA has released guidance for enhancing data security and protecting access to data at rest and in transit, integrating into a comprehensive zero trust framework.
5. Ukrainian hackers target Moscow sewage system:
– A Ukrainian hacker group claims to have targeted a firm operating Moscow’s sewage network, shutting down alarm sensors and allegedly destroying data.
6. Women in CyberSecurity report looks at gender disparities:
– A survey by Women in CyberSecurity (WiCyS) found that workplace experiences of women in cybersecurity are significantly worse than men across several categories.
7. Silently fixed Lighttpd vulnerability exposes Intel and Lenovo servers:
– A previously patched Lighttpd vulnerability has been found to expose Intel and Lenovo servers to attacks due to unpatched AMI MegaRAC BMC software.
8. PasteHub domain seized by law enforcement:
– The anonymous note-sharing service, PasteHub, integrated with the BreachForums cybercrime website, has been seized by law enforcement.
9. Thousands of ecommerce sites exposed to hacking:
– Thousands of ecommerce websites powered by Invision Community are vulnerable to hacking due to a recently patched SQL injection vulnerability.
10. Dam sector concerned after report shows Microsoft’s cybersecurity failings:
– Concerns about the cybersecurity of thousands of dams across the United States due to a report highlighting Microsoft’s cybersecurity failures.
These key takeaways summarize the notable cybersecurity developments from the meeting notes.