In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act – Source: www.securityweek.com

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

By bringing these stories to your attention, we empower you to stay informed, enhance your security posture, and make well-informed decisions to protect your organization.

Here are this week’s stories:

Kaiserslautern University in Germany hit by ransomware

The Kaiserslautern University in Germany is struggling to restore services following a ransomware attack that occurred on June 8. The incident impacted the entire IT infrastructure of the university, and the institution has warned employees and students not to turn on business IT devices, such as laptops or workstations. While the university managed to restore telephone communications, all online services remain unavailable.

GravityRAT spyware targets WhatsApp backups on Android devices

ESET reported that a new Android version of the GravityRAT spyware is capable of stealing WhatsApp backup files and receiving commands to delete files. The malware has been delivered using trojanized versions of popular applications.

Strava fitness-tracking app leaks user location

Academics at the North Carolina State University have published a research paper (PDF) demonstrating that attackers can use the heatmap feature of the Strava fitness-tracking application to identify the home address of highly active users in remote areas. An opt-out feature, the heatmap is meant to anonymously aggregate user activities in a single map to help them find active trails and hot spots.

FBI says BEC scam losses surpassed $50 billion

The FBI has updated its report (PDF) on business email compromise and email account compromise (BEC) scams, rounding up estimated losses above the $50 billion mark. In the US, the total number of victims has surpassed 200,000, with reported losses of over $30 billion.

Bishop Fox publishes 2023 State of Offensive Security report

Bishop Fox has published its 2023 The State of Offensive Security report, which shows a surge in Red Team deployments. A survey of 700 IT and security practitioners showed that 64% are using red teaming and more than half plan on increasing investment within the next 12-24 months. 

Infoblox examines lookalike attacks

Infoblox provides a detailed examination of the ways in which attackers use visually similar domain names as an integral part of a phishing attack. A simple example demonstrates that nobody is immune: examples of lookalike Infoblox domains that the firm did not register. lnfoblox[.]com (homoglyph) uses a lowercase “L” to impersonate a capital “i”; infobloxbenifits[.]com (simple typosquat); infoblox[.]info (TLD squat) uses a different top level domain suffix; infobloxgrid[.]com (combosquat) combines the company name and the company’s primary product.

Cybersecurity Awareness Act

Newly introduced bipartisan legislation requires the Department of Homeland Security (DHS) to provide public and private sectors with regular guidance on best practices related to cybersecurity, while ensuring that the Cybersecurity and Infrastructure Security Agency (CISA) increases outreach to entities frequently targeted with ransomware, such as small businesses and underserved communities.

Google paid $1.8 million for Linux kernel exploits

Google says it has paid a total of $1.8 million for Linux kernel exploit reports received as part of the kCTF Vulnerability Rewards Program (VRP), which kicked off in 2020. More than 60% of submissions targeted vulnerabilities in the ‘io_uring’ component and Google has disabled the component on its servers and in Chrome OS, and is limiting its usage on Android and GKE AutoPilot.

Kernel exploit submissions are now handled under the name kernelCTF, as the internet giant is shifting focus from Google Kubernetes Engine (GKE) and kCTF to the latest stable kernel and the included mitigations. The maximum total payout for valid reports remains $133,337.

European Parliament votes in favor of AI Act

Despite last week’s concerns over the future of the EU AI Act, the European Parliament has voted in favor — by 499 to 28, with 93 abstentions. The details still have to be agreed by the European Council (representing the national governments) and the European Commission — and there is likely to be some pushback from both; for example, in policing areas. As it stands, the law is heavily focused on people (privacy and personal rights), potentially outlawing areas such as emotion detection, and predictive policing. It also provides greater transparency over AI data content; for example, restrictions on the use of copyright material. The Act contrasts with Google’s SAIF proposals: the former concentrates on the content, while the latter concentrates on the technology.

Quantum-sourced random numbers

Quantinuum’s Quantum Origin Onboard brings quantum enhanced key generation to the current encryption used by edge and IoT devices. It employs the generation and delivery of true random numbers from the Quantinuum H-series quantum computer. A quantum seed is embedded into the device, improving the ability to generate strong and secure keys. It doesn’t require any change to existing encryption software, but improves the security of that encryption.

AWS removes HTTP header remapping from Amazon API Gateway

On June 14, Amazon Web Services (AWS) removed HTTP header remapping from Amazon API Gateway after Omegapoint discovered and reported an edge case issue and an authorization-caching flaw. Velocity Template Language-based (VTL) transformation remains available for header remapping, as it is not affected by the flaws.

Dragos launches Global Partner Program

Industrial cybersecurity firm Dragos has launched a Global Partner Program that comprises OT security services, technology and threat intelligence. Partners also get training that enables them to offer assessment services to customers.