May 24, 2024 at 08:04AM
SecurityWeek’s cybersecurity news roundup compiles important stories often overlooked, providing a valuable overview of the cybersecurity landscape. This week’s stories cover spyware found on US hotel check-in systems, cellular network flaws, undersea cable vulnerability, cybersecurity funding, Incognito Market owner’s arrest, NIST’s 2023 report, Iranian group’s attacks, Energy Department funding, AWS secrets leak, White House cyber official’s move to CISA, quantum attack protection, and the UK’s readiness for the China threat.
Key takeaways from this week's roundup:
1. Spyware on check-in systems at US hotels: Consumer-grade spyware, pcTattletale, was found on the check-in systems of several Wyndham hotels, capturing screenshots containing guest details and customer information.
2. SS7 cellular network flaw exploited for spying: A security flaw in the SS7 cellular network protocol has been exploited for spying and tracking individuals in the US.
3. Concerns about undersea cable tampering by China: US officials have warned about the vulnerability of undersea cables to tampering by Chinese repair ships, raising concerns about potential spying activities.
4. Cybersecurity funding in Q1 2024: Despite a drop in the number of deals, the invested capital in cybersecurity increased in the first quarter of 2024, as reported by cybersecurity venture capital firm DataTribe.
5. Arrest of Incognito Market owner: Rui-Siang Lin, also known as Pharoah, was arrested for allegedly operating the Incognito Marketplace, which sold over $100 million in illegal narcotics globally.
6. NIST’s cybersecurity and privacy report for 2023: NIST has published its annual report outlining its involvement in the development of international standards, research, supply chain security, IoT guidelines, and autonomous vehicle projects.
7. Iranian group’s destructive attacks against Israel: Check Point detailed the destructive activities of the Iranian threat group Void Manticore against Israel, including wiper attacks using Windows and Linux malware.
8. Energy Department funding for electric co-ops’ cybersecurity: The National Rural Electric Cooperative Association received $4 million from the US Department of Energy to enhance the cybersecurity posture of electric co-ops.
9. Leaked Bitbucket secrets used for unauthorized AWS access: Mandiant researchers discovered that secrets leaked from Atlassian’s Bitbucket tool were used for unauthorized access to AWS.
10. Former White House official joining CISA: Jeff Greene, a former senior White House cyber official, will be joining CISA, potentially replacing the executive assistant director for cybersecurity.
11. Federal contractors required to implement quantum attack protection: Companies working with the US government may need to protect their data and technology from quantum computing attacks, with NIST specifying three encryption algorithms for this purpose.
12. UK’s readiness for China threat: Ciaran Martin, former CEO at the UK’s NCSC cybersecurity agency, highlighted concerns about the UK’s preparedness for potential disruption to critical infrastructure by China.