September 20, 2024 at 08:51AM
SecurityWeek’s roundup presents noteworthy cybersecurity stories that may have gone unnoticed. This week’s highlights include settlements for data breaches at 23andMe and Disney, a warning about cryptocurrency transfer hijacking, findings from CISA’s assessments, a targeted attack on a US-Taiwan conference, Salesforce’s vulnerability, Rockwell Automation’s patches, North Korean fake employees at US organizations, and Meta’s incomplete WhatsApp privacy patch. Additionally, Microsoft Entra Internet Access has been announced.
Based on the meeting notes, here are the key takeaways from this week’s cybersecurity news roundup:
1. 23andMe Settlement: 23andMe has agreed to pay $30 million in a class action lawsuit over a 2023 data breach, with $25 million expected to be covered by insurance.
2. Disney’s Move: Disney will stop using Slack for in-house company communication following a data breach involving leaked company data.
3. Binance Warning: Binance warns of ‘clipper malware’ being used to steal cryptocurrency funds, with victims suffering significant financial losses.
4. CISA Report: CISA has published findings from risk and vulnerability assessments, indicating that valid accounts and spearphishing links are widely used for obtaining initial access to systems.
5. US-Taiwan Defense Industry Conference Attack: A stealthy fileless attack targeting attendees of a US-Taiwan defense industry conference has been uncovered, with China suspected to be the main perpetrator.
6. Salesforce Vulnerability: Varonis has disclosed a now-patched Salesforce vulnerability that could have been exploited to retrieve sensitive customer information.
7. Rockwell Automation: Patches have been announced for a potential remote code execution vulnerability affecting some RSLogix products.
8. North Korean Fake Employees: North Korean threat actors are seeking to compromise US companies with fake employees, using stolen identities, fake resumes, and AI-enhanced images.
9. Meta WhatsApp Patch: A WhatsApp update was rolled out by Meta to address a privacy issue, but it is considered incomplete.
10. Microsoft Entra: Microsoft has announced the general availability of Microsoft Entra Internet Access, a secure web gateway meant to secure access to internet and SaaS applications and resources.
Let me know if there is anything further I can assist with based on the meeting notes!