In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities – Source: www.securityweek.com

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:   

Stealing data by listening to the sound of keystrokes

Researchers have shown how an AI model can accurately determine the key that is being pressed on a keyboard based on the sound that it makes. They demonstrated how an attacker could steal sensitive information by using a phone or Zoom to record the sound of keystrokes, with an accuracy of over 90%.

DHS announces additional cybersecurity funding

The DHS has announced an additional $374 million available in grant funding for state and local governments to boost their cyber resilience. The funding is offered as part of the State and Local Cybersecurity Grant Program (SLCGP) for FY 2023. 

Interpol shuts down phishing platform

Interpol announced the shutdown of a notorious phishing-as-a-service platform named 16shop. As part of the operation, authorities in Indonesia and Japan arrested individuals believed to have been involved in the cybercrime scheme. 

Department of Health and Human Services issues alert on Rhysida ransomware

The US Department of Health and Human Services has issued an alert to warn healthcare organizations about an emerging ransomware-as-a-service (RaaS) group named Rhysida. Victims have been observed in the Americas, western Europe and Australia across several sectors.

New ransomware groups emerging due to code leaks

Cisco Talos reported that there has been an influx of new ransomware groups due to leaked source code or builders. These new threat actors are demanding low ransom payments compared to prominent groups. 

Chinese state-sponsored threat group RedHotel

A Chinese state-sponsored threat group named RedHotel has targeted entities in the academia, aerospace, media, government, research, and telecom sectors in the past couple of years. Victims have been seen in 17 countries in Asia, Europe and North America, but the group’s focus appears to be Southeast Asia, according to a new report from Recorded Future. 

macOS security reports

macOS security reports were published this week by Accenture and Bitdefender. Bitdefender data shows that Mac users are mainly targeted by trojans, adware, and potentially unwanted applications (PUAs). Accenture reported seeing a 1000% increase in dark web threat actors targeting macOS. 

Cybersecurity gaps found in all companies backed by London’s biggest VC firms 

DynaRisk has conducted an analysis of 5,482 companies backed by London’s biggest venture capital firms, and found that every single one of them had issues that could leave them exposed to cyberattacks. Two-thirds had high-risk vulnerabilities and nearly 9% had critical security holes. 

Google to release Chrome security updates more frequently

Google has announced that starting with Chrome 116 it plans on shipping weekly stable channel updates in an effort to get security fixes to users more quickly. 

TunnelCrack VPN vulnerabilities

Researchers have released the details of a VPN attack named TunnelCrack, which uses a combination of two vulnerabilities that allow attackers to intercept traffic outside the VPN tunnel. Tests showed that every VPN product is vulnerable on at least one device. Exploitation is possible when a user connects to an untrusted Wi-Fi network and in some cases through malicious ISPs.

NCC Group laying off more staff

UK cybersecurity firm NCC Group is laying off a “small number” of employees after earlier this year it announced plans to terminate 125 workers in the UK and North America. Rapid7 also announced layoffs this week. 

Zyxel routers targeted via old vulnerability

Discontinued Zyxel routers are being targeted through the exploitation of a vulnerability patched by the vendor in 2017. CISA this week added the flaw to its ‘must patch’ list and Fortinet has reported seeing thousands of attack attempts. 

Related: In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust Vulnerability