In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility – SecurityWeek

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:   

IBM opens new cyber response training facility

IBM has launched a new X-Force Cyber Range in Washington, DC. The new cyber response training facility provides custom training exercises for federal agencies, their suppliers and critical infrastructure organizations. The simulations can help organizations find gaps in their incident response plans, learn how to investigate cyberattacks, and gain insight into the mind of threat actors. 

Google terminates thousands of accounts used for influence operations

Google has terminated thousands of accounts used for coordinated influence operations. The company’s latest quarterly TAG bulletin reveals that it targeted domains, Ads accounts, and YouTube channels that were part of operations linked to China, Indonesia, Kuwait, Turkey, Israel and Italy. 

Updates on Microsoft’s Secure Future Initiative

Microsoft has shared updates on its recently launched Secure Future Initiative. The steps taken by the company to boost the security of its infrastructure through this initiative include passing much of its code through the CodeQL security analysis engine, donations to the Rust and Alpha-Omega projects, and expanding use of its Microsoft Authentication Library (MSAL).

CISA and NSA release cloud security resources 

CISA and the NSA have published five cybersecurity information sheets focusing on cloud security. The resources cover identity and access management, key management, network segmentation and encryption, data protection, and managed service provider risk mitigations. 

NSA guidance on zero trust maturity

The NSA published new guidance (PDF) on achieving zero trust maturity through the network and environment pillar, an integral part of the zero trust security model. The guide defines network and environment security and provides recommendations on improving security through data flow mapping, macro and micro segmentation, and software-defined networking.

Font vulnerabilities

Canva researchers have discovered several vulnerabilities related to the way fonts are handled. The flaws can allow XXE attacks and arbitrary command execution. Each vulnerability has been patched. 

Google AI hacking earns researchers $50,000

Researchers said they earned a total of $50,000 for finding and demonstrating vulnerabilities in Google’s Bard AI (now called Gemini) as part of a hacking competition. The security issues they discovered could have led to user data exfiltration, DoS attacks, and access to a targeted user’s uploaded images.

Network tunneling with QEMU

Kaspersky researchers have analyzed an attack where threat actors abused the QEMU machine emulator for network tunneling. Network tunnels between victim systems and the adversary’s servers can be used to bypass NAT and firewalls to gain access to internal systems. QEMU does not use any extra encryption when tunneling traffic and instead transmits encapsulated packets unencrypted.

Capita discloses £25M ($32M) costs related to 2023 cyberattack

British outsourcing company Capita says that the ransomware attack it fell victim to in March 2023 incurred net costs of £25 million (~$32 million), representing professional fees, recovery and remediation costs, and investments in improving its cybersecurity. For 2023, the company reported (PDF) £106.6 million ($135.5 million) in losses. 

UniCredit bank fined $3.1 million for data breach

The Italian bank UniCredit has been fined by the country’s data protection authority over a 2018 data breach that impacted nearly 780,000 customers. UniCredit has been ordered to pay €2.8 million ($3.1 million), but said it would appeal the decision.
