SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Surge in Palo Alto Networks scanning
Threat intelligence firm GreyNoise has seen a 40x surge in scanning aimed at Palo Alto Networks GlobalProtect portals. The company told SecurityWeek that its investigation is still in progress, but it has observed brute-force attempts on the login path ‘/global-protect/login.esp’. Palo Alto Networks has not responded to a request for comment.
Man pleads guilty to hacking former employer
Maxwell Schultz, a 35-year-old man from Ohio, has pleaded guilty to charges related to hacking into the network of his former employer. The hacker attack occurred in 2021, after the unnamed company terminated Schultz’s employment in its IT department. According to the Justice Department, Schultz, who had worked as a contractor, impersonated another contractor to obtain login credentials. He then used the access to reset 2,500 users’ passwords, locking the company’s employees and contractors out of their computers and causing losses of more than $860,000.
NSO wants to overturn ruling that bans it from hacking WhatsApp
After a judge ordered it to stop hacking WhatsApp, NSO Group filed an appeal to overturn the ruling. The spyware maker managed to convince a court last month to significantly reduce punitive damages awarded by a jury and now it also wants to overturn the order blocking it from targeting WhatsApp users, arguing that the company will “endure irreparable hurt”.
WEL Companies data breach impacts over 120,000 people
American trucking company WEL Companies has informed the Maine Attorney General that a data breach suffered earlier this year has impacted more than 120,000 individuals. The hack was discovered in late January, and the RansomHub ransomware group took credit for the attack roughly one month later.
ATM jackpotting
Jackpotting is still used to steal money from ATMs. Police in Fairfax County, Virginia, are looking for a group of suspects who are believed to have installed malware on an ATM to withdraw cash without inserting a card. The suspects stole $175,000.
PlushDaemon APT uses new network implant in attacks
ESET has identified a new network implant that the Chinese APT tracked as PlushDaemon has been deploying to perform adversary-in-the-middle (AitM) attacks. Dubbed EdgeStepper, the implant directs DNS queries to a malicious node to hijack all traffic from legitimate infrastructure used for software updates and serve malicious payloads. Active since at least 2018, the APT has targeted entities in the US, Taiwan, China, Hong Kong, New Zealand, and Cambodia.
Twitter hacker ordered to repay $5.4 million
Joseph James O’Connor, a UK national convicted over the 2020 hacking of high-profile Twitter accounts, has been ordered by British authorities to repay $5.4 million in Bitcoin, Reuters reports. O’Connor, 26, was sentenced to prison in the US in 2023, after being arrested in Spain in 2021. British investigators obtained a civil order to seize 42 Bitcoin and other cryptocurrency assets linked to O’Connor’s activities.
CISA plans aggressive hiring to strengthen defenses against China
The US cybersecurity agency CISA is planning an aggressive hiring campaign to replenish its ranks in the wake of a potential conflict with China, Cybersecurity Dive reports. The agency suffers from a 40% staff shortage in key mission areas and is looking to hire qualified personnel by the end of fiscal year 2026, a recent internal memo reportedly reads. CISA reportedly terminated hundreds of people during the recent government shutdown.
AI second-order prompt injection attack
AppOmni details how second-order prompt injection attacks can be used to convince ServiceNow’s Now Assist AI agents to recruit more powerful agents to execute malicious tasks, such as create, read, update, and delete (CRUD) actions on record data and sending the contents of the records to external email addresses. The behavior is intended, but ServiceNow has updated its documentation.
Politically sensitive topics trigger DeepSeek AI to produce vulnerable code
CrowdStrike discovered that China’s DeepSeek-R1 produces code containing more security vulnerabilities in response to prompts that contain topics considered politically sensitive by Beijing. The output of code containing severe flaws would increase by up to 50%, CrowdStrike says. Otherwise, the quality of DeepSeek’s code output is comparable to that of other AI assistants used by developers. Similar DeepSeek coding bias was reported by CrowdStrike in September.
