In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations – Source: www.securityweek.com

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

China’s Salt Typhoon recorded phone calls of senior political figures

Anne Neuberger, US deputy national security advisor for cyber and emerging technology, revealed that the Chinese threat group Salt Typhoon, which recently targeted several major telecoms companies as part of an espionage campaign, has obtained metadata pertaining to many Americans, but the hackers also obtained actual phone call recordings belonging to very senior political individuals, Reuters reported. 

WhatsApp View Once bypass fixed by Meta

Zengo reported earlier this year that the View Once feature in WhatsApp, which makes content disappear from a chat after it has been viewed by the recipient, can be easily bypassed. Zengo disclosed the issue after learning of in-the-wild exploitation. The security firm reported that the issue has finally been fixed by Meta.  

Russia’s Secret Blizzard using tools of other groups in Ukraine attacks

Microsoft Threat Intelligence has been seeing the Russian state-sponsored group Secret Blizzard using the tools and infrastructure of other threat actors in its attacks on Ukraine. In January 2024, Microsoft saw Secret Blizzard using the resources of Storm-1837 to deploy its custom backdoors Tavdig and KazuarV2 on Ukrainian military devices. Between March and April 2024, Microsoft observed Secret Blizzard using the Amadey bot malware, which is associated with Storm-1919, to deploy backdoors and conduct further reconnaissance on Ukrainian devices. Commandeering other threat actors’ resources — either via theft or purchase — allows Secret Blizzard to diversify its attack vectors.   

MITRE’s 2024 ATT&CK evaluations for cybersecurity solutions 

MITRE has conducted ATT&CK evaluations for cybersecurity solutions from 19 vendors. The products were tested against ransomware attacks and the tactics leveraged by North Korean threat actors. MITRE pointed out that “the evaluations do not rank vendors and their solutions; instead they provide insights and results organizations can use to determine which vendors and solutions may best address their cybersecurity gaps and fit their particular business needs”. However, some vendors took the opportunity to claim that their solution “won” against competitors’ solutions. 

Gen Digital acquires MoneyLion for $1 billion

Gen Digital (the owner of several popular antivirus brands such as Norton, Avast, AVG and Avira) has announced the acquisition of consumer finance company MoneyLion for $1 billion. Gen Digital said the addition of the MoneyLion platform to its offering will enable customers not only to protect their digital lives but also help them better manage and grow their financial wealth.

Japanese publisher’s data leaked by ransomware group despite payment of $3 million

Japanese publishing firm Kadokawa recently paid nearly $3 million in cryptocurrency to cybercriminals after it was targeted in a ransomware attack that resulted in data theft. However, DataBreaches reported that the company had its data leaked anyway, possibly as a result of a split within the ransomware group. 

Microsoft Recall captures sensitive information 

After several delays due to privacy and security reasons, Microsoft recently made the Recall feature available for testing. Recall, which takes screenshots at regular intervals to create a searchable memory of the user’s every action, should not capture sensitive information, but tests conducted by Tom’s Hardware showed that the tool does capture payment card numbers and Social Security numbers in certain situations. Microsoft said it will continue to improve the functionality. 

Yahoo laid off quarter of its cybersecurity team this year

TechCrunch has learned that Yahoo has laid off roughly 25% of its cybersecurity team this year. Yahoo’s Paranoids offensive team has been eliminated entirely and the company has confirmed that it’s transitioning offensive security operations to an outsourced model.

HP publishes device security report

HP has released a new report on device security based on a global study of over 800 IT and security decision-makers and 6,000 work-from-anywhere employees. The study showed that securing the hardware and firmware of PCs, laptops and printers is often overlooked, which leads to costly security headaches, management overheads and inefficiencies further down the line.

Related: In Other News: OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses Logs

Related: In Other News: Cloudflare Abuse, UK and EU Cybersecurity Reports, FBI Gen-AI Alert