September 6, 2024 at 09:18AM
The SecurityWeek cybersecurity news roundup offers a valuable compilation of noteworthy cybersecurity stories that may not warrant full articles. This week’s stories include MITRE’s comparison of international PQC standards, US Army Special Forces hack, Transport for London cyberattack, CBIZ data breach, UK’s takedown of a banking anti-fraud website, OpenSSL and Firefox patches, FTC warning of Bitcoin ATM scams, AVTECH CCTV cameras exposed to botnet, PyPI packages hijacking, and X (formerly Twitter) hiring security and safety staff.
Based on the meeting notes, here are the key takeaways from this week’s cybersecurity news roundup:
1. MITRE publishes a comparison of international PQC standards to address challenges for international vendor compliance and interoperability in post-quantum cryptography.
2. The US Army Special Forces used disruptive cyber technology to hack a building in Sweden, demonstrating the potential vulnerabilities of security systems.
3. Transport for London (TfL) suffered a cyberattack, impacting online services including live travel data, but public transport services were not affected.
4. CBIZ, a financial services firm, experienced a data breach affecting 9,000 individuals, with compromised information related to retiree health and welfare plans.
5. The UK took down a website enabling banking anti-fraud bypass operated by three individuals who made substantial profits.
6. OpenSSL and Mozilla’s latest updates address vulnerabilities, including a moderate-severity vulnerability in OpenSSL and several high-severity vulnerabilities in Firefox.
7. The FTC issued a warning about scammers targeting Bitcoin ATMs, leading to losses of $65 million this year.
8. Around 38,000 AVTECH CCTV cameras were identified as potentially vulnerable to a zero-day vulnerability, without the vendor responding to fix the bug.
9. Threat actors are hijacking PyPI packages, putting roughly 22,000 packages at risk of exploitation through a technique called Revival Hijack.
10. X (formerly Twitter) is expanding its security and safety staff by posting job openings for security engineers, threat intelligence specialists, and safety agents.
These key stories provide important insights into the current cybersecurity landscape.