SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
USB drive infects hospital’s systems
Check Point provides an in-depth analysis of malware attributed to China-based espionage group Camaro Dragon that infected an European healthcare institution after an employee participated in a conference in Asia. The malware self-propagates through USB drives and landed on the healthcare organization’s systems after the employee’s drive was accidentally infected during the conference.
Political agreement reached on EU cybersecurity regulation
A political agreement has been reached between the European Parliament and the Council of the EU regarding proposed cybersecurity rules whose goal is to boost security in EU institutions, bodies, offices and agencies.
City of Dallas approved $4 million spend to bolster cyber defenses
UK, France issue cybersecurity warnings to law firms
NCSC updates risk management toolbox
The UK National Cyber Security Centre has updated its risk management guidance with three entirely new sections, including a cybersecurity risk management framework, a basic risk assessment and management method, and a risk management toolbox that includes five techniques to deal with risk management.
SolarWinds executives targeted by SEC over supply chain hack
Current and former SolarWinds executives have received a Wells notice from the SEC over the 2020 supply chain hack. The Wells notice indicates that the agency plans on bringing legal action against the executives.
Open source tools released by SEC Consult and Trustwave
SEC Consult has released DNS Analyzer, an open source Burp Suite extension for discovering DNS vulnerabilities in web applications.
Trustwave has released Snappy, an open source tool for detecting rogue and fake 802.11 wireless access points by fingerprinting Beacon Management Frames.
Google Cloud launches GKE Security Posture dashboard
Google Cloud announced the general availability of its Google Kubernetes Engine (GKE) Security Posture dashboard. The dashboard is designed to help streamline the security management of GKE clusters, providing features such as misconfiguration detection and vulnerability scanning.
NanoLock, Otorio and TXOne announce new OT security solutions
NanoLock has announced the general availability of its OT Defender product for North American customers. The industrial cybersecurity product is designed to protect the integrity of manufacturing firms and OT assets from unauthorized access and changes.
TXOne Networks announced Stellar, a solution that leverages Cyber-Physical System Detection and Response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.
Otorio announced the availability of its Attack Graph Analysis technology, which enables organizations to proactively manage vulnerabilities in their OT infrastructure.
Grafana patches critical vulnerability
Open source analytics and monitoring platform Grafana has released patches for a critical vulnerability leading to account takeover and access to sensitive information. Tracked as CVE-2023-3128, the vulnerability leads to authentication bypass when a multi-tenant Azure AD OAuth application is in use.
Juniper releases out-of-band patches
Juniper Networks has released out-of-band JunosOS updates to patch an internally discovered high-severity vulnerability that can allow an unauthenticated, network-based attacker to cause a DoS condition.
Mockingjay process injection technique
Security Joes have revealed a new process injection technique that can be used to evade EDR and XDR detection. Called Mockingjay, the technique abuses Windows libraries that have default read-write-execute (RWX) protections to inject code into processes and avoid using Windows APIs that security solutions typically monitor.