SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Mitsubishi Electric completes acquisition of Nozomi Networks
Mitsubishi Electric has officially completed its $ billion acquisition of industrial cybersecurity firm Nozomi Networks. Nozomi will operate independently as a wholly owned subsidiary.
LastPass detects new phishing wave after disrupting attacker infrastructure
LastPass said the threat actors behind a recent backup-themed phishing campaign have sent another wave of emails using similar tactics. While the body of the email remains the same, the links in the new wave have been changed following LastPass’s disruption of the initial infrastructure. “In addition to working with Forta Brand Protection (formerly known as PhishLabs) to conduct takedown operations, LastPass worked directly with hosting providers to remove the relevant sites as quickly as possible,” Mike Kosak, senior principal threat intelligence researcher at LastPass, told SecurityWeek.
CISA withdraws from RSA Conference following leadership change
CISA has announced it will no longer participate in the annual RSA Conference. The decision follows the appointment of Jen Easterly, CISA’s director during the Biden administration, as the conference’s new chief executive. A CISA representative said they “regularly review all stakeholder engagements, to ensure maximum impact and good stewardship of taxpayer dollars.”
CISA outlines product categories for post-quantum cryptography integration
CISA has released a new resource identifying specific technology categories that should begin incorporating post-quantum cryptography (PQC) standards. The guidance highlights systems that rely on cryptography that could be vulnerable to future quantum computing capabilities. The agency aims to assist organizations in prioritizing the transition to quantum-resistant algorithms across critical infrastructure and federal networks.
Acting CISA chief reportedly uploaded sensitive files to ChatGPT
The acting director of CISA, Madhu Gottumukkala, is reportedly under internal review for uploading sensitive government information into a public version of ChatGPT. The incident involved the processing of documents related to agency operations through the AI platform, which typically retains data for model training. Officials are currently assessing the extent of the exposure and the potential impact on agency security protocols.
Google settles voice recording privacy lawsuit for $68 million
Google has reached a $68 million settlement to resolve a legal dispute regarding the unauthorized collection of voice data through its assistant technology. The lawsuit alleged that the company recorded users without their explicit consent, including instances where the assistant was triggered accidentally.
Report finds minority of vulnerability attacks are blocked by hosting providers
A recent study conducted by website security firm PatchStack suggests that a significant majority of common vulnerability exploits are not successfully mitigated by hosting service providers. The data indicates that approximately one-quarter of these attacks are intercepted by built-in host protections, leaving many websites reliant on secondary security measures.
Apple updates platform security guide
Apple has released an updated version of its Platform Security guide, providing technical details on the latest defensive measures for its devices. The documentation includes information on recently implemented protections designed to secure iPhones against certain types of unauthorized access. These updates reflect changes to the underlying hardware and software architecture of the current device lineup.
FBI seizes prominent cybercrime forum RAMP
Federal authorities have taken control of the RAMP cybercrime forum, a platform used by underground actors for various illegal activities. A seizure notice appeared on the site indicating that the operation involved the FBI and international law enforcement partners.
Iowa county settles with security researchers following 2019 arrests
Dallas County, Iowa, has agreed to pay $600,000 to two cybersecurity researchers who were arrested while conducting a state-authorized physical penetration test. The settlement concludes years of legal proceedings following the 2019 incident, where the researchers were charged with burglary despite having a valid contract with the state judicial branch. The case has been widely cited as an example of the legal risks faced by security professionals.
Related: In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Related: In Other News: FortiSIEM Flaw Exploited, Sean Plankey Renominated, Russia’s Polish Grid Attack
