In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Threat actor abuses BitLocker to encrypt partitions

Kaspersky has observed a threat actor repurposing the legitimate Windows BitLocker feature as ransomware. As part of the attacks, a VBS script is deployed on the system to resize local drives, disable protections for BitLocker’s encryption keys and delete them to prevent recovery, create a new encryption key, enable BitLocker on drives, and shut down the machine. 

Personal data of Indian military and police exposed

A database containing more than 1.6 million documents belonging to a biometric authentication provider in India was found unprotected on the internet. The dataset contains information about members of the Indian army and police, railway workers, and teachers. The publicly exposed data was also found for sale on the dark web.

Vulnerability in AI-as-a-service Replicate leading to data leaks

A vulnerability in Replicate, an AI-as-a-service platform, could have allowed attackers to deploy malicious models and access sensitive data in other containers, Wiz reports. The issue, reported and addressed in January 2024, existed because, although isolation controls were in place, containers shared network namespaces, which could have allowed malicious containers to eavesdrop on the unencrypted traffic of other containers in the same namespace.

New MOU to bolster cybersecurity collaboration in electric sector

The National Rural Electric Cooperative Association and the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center have signed a memorandum of understanding (MOU) to improve electric sector cybersecurity by prioritizing the sharing of intelligence about cyber incidents, security threats, and vulnerabilities.

Wi-Fi-based positioning systems used for surveillance

Academic researchers have demonstrated how Apple’s Wi-Fi-based positioning system (WPS) can be abused to collect a worldwide snapshot of Wi-Fi BSSID (Basic Service Set Identifier) geolocations and to track devices’ movements in a setup that can be used for global surveillance. 

Chinese cyberspies target political entities in the Middle East, Africa and Asia

A Chinese APT has been targeting at least seven government entities in the Middle East, Africa and Asia in a cyberespionage campaign dubbed Operation Diplomatic Specter, which has been ongoing since at least late 2022. Focused on the theft of sensitive and classified information, the attacks employed previously undocumented backdoors, such as TunnelSpecter and SweetSpecter.

GLOBALTRUST 2020 certificates removed from Chrome root store 

GLOBALTRUST 2020 certificates will be removed from the Chrome root store, Chrome maintainers announced recently. E-commerce Monitoring GmbH, the issuer of the certificates, has been failing to disclose and respond to incidents. Starting with Chrome 124, TLS server authentication certificates validating to GLOBALTRUST 2020 with a Signed Certificate Timestamp (SCT) dated after June 30, 2024, will no longer be trusted by default.

BlackSuit ransomware attack analysis

Reliaquest has published an analysis of a BlackSuit ransomware attack that involved the encryption of critical systems and the exfiltration of sensitive data. The company has looked at the tools, tactics and techniques used by the cybercriminals to achieve their goals. BlackSuit has been active since May 2023, targeting companies in the US in sectors such as education and industrial. 

Canadian government seeking backdoors

Canadian lawmakers have prepared Bill C-26, a federal cybersecurity bill that will pass through Parliament soon and that gives the government the power to secretly order telecoms companies to install backdoors that facilitate government surveillance.

NIST launches Assessing Risks and Impacts of AI (ARIA) program

NIST has announced a new program, named Assessing Risks and Impacts of AI (ARIA), whose goal is to assess the societal risks and impacts of AI. The program should help determine whether an AI technology will be valid, reliable, fair, safe, secure and private once it’s deployed. 

LilacSquid data theft campaign

Cisco Talos is warning that software developers in the US, energy organizations in Europe, and the pharmaceutical sector in Asia have been targeted in a sophisticated data theft campaign named LilacSquid. The attackers, described as an APT, are leveraging malware named PurpleInk, InkBox and InkLoader to achieve their goals.  
