In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

August 23, 2024 at 09:51AM

SecurityWeek’s cybersecurity news roundup provides a concise compilation of significant stories, including threats like fake domains targeting Cado Security and Android malware aiding ATM theft. Other highlights are QNAP’s enhanced NAS security, FlightAware’s data exposure, FAA’s proposed airplane cybersecurity rules, Iranian hackers targeting US entities, and vulnerabilities in Microsoft Entra ID and Slack AI. Cisco Talos also uncovered North Korea’s MoonPeak malware.

Key takeaways from this week’s cybersecurity news roundup:

1. Threat actor creates fake Cado Security domain and social media account
– A threat actor registered a typosquatted domain targeting Cado Security, indicating potential preparations for a phishing attack. The actor also created a fake Cado Security account on a social media platform, targeting multiple tech companies.

2. NGate Android malware facilitates ATM cash theft
– ESET discovered the NGate Android malware, used to steal cash from ATMs by obtaining NFC data from victims’ physical payment cards and relaying it to attackers. The cybercrime operation may have been disrupted following the arrest of a suspect.

3. QNAP enhances product security to combat ransomware attacks
– QNAP has added new security features to its QTS operating system for NAS products to prevent ransomware attacks, including monitoring file activities and supporting self-encrypting drives.

4. FlightAware exposed customer data
– FlightAware informed customers about data exposure due to a configuration error, potentially compromising various personal information and account details of users since 2021.

5. FAA proposes new cybersecurity rules for airplanes
– The FAA is seeking public comment on new design standards that address cybersecurity threats to airplanes, with the goal of harmonized and standardized cybersecurity certification criteria.

6. GreenCharlie: Iranian hackers target US political entities with malware and phishing
– Recorded Future reported Iranian threat group GreenCharlie targeting US political and government entities using sophisticated phishing attacks and malware.

7. Microsoft Entra ID vulnerability
– Cymulate identified a vulnerability affecting Microsoft Entra ID that requires local admin privileges to exploit. Microsoft plans to address the issue but does not view it as an urgent vulnerability.

8. Data exfiltration via Slack AI
– Prompt Armor detailed an attack method involving the abuse of Slack AI to exfiltrate data from private channels. Slack has been notified but determined no action is currently warranted.

9. North Korea’s MoonPeak malware
– Cisco Talos analyzed new infrastructure used by a North Korean threat actor following the discovery of MoonPeak, a RAT based on the open source XenoRAT malware that is actively being developed.
