In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer – Source: www.securityweek.com

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Washington Post targeted in cyberattack

The Washington Post was recently targeted in a cyberattack that resulted in the email accounts of several journalists getting compromised, the Wall Street Journal reported. The attack, possibly carried out by a foreign government, involved unauthorized access to some journalists’ Microsoft accounts, including reporters focusing on national security and economic policy. 

US offering $10 million for Iranian hackers who developed IOCONTROL malware

The US Department of State is offering a reward of up to $10 million for information on Iranian hackers who targeted industrial control systems (ICS). The reward against the hackers, known online as the Cyber Av3ngers, was first announced one year ago, but the State Department has now updated the wanted poster to specifically mention development of the IOCONTROL malware, which they used to target OT and IoT devices in the US and Israel.  

Crowhammer attack

Researchers have presented Crowhammer, a type of Rowhammer attack that enables a key recovery attack against the Falcon post-quantum signature scheme, which has been selected by NIST for standardization. The researchers showed that a single targeted bit flip is sufficient to recover a full signing key, and they demonstrated a practical attack. 

2024 EU Cybersecurity Index 

The cybersecurity agency ENISA has published the 2024 EU Cybersecurity Index, which describes the security posture of the union and member states. The average score across all metrics is 62 out of 100. The highest scores, close to 100 points, were obtained for most SMBs and large enterprises not experiencing incidents that led to the disclosure of sensitive data, as well as for citizens’ secure use of the internet. The lowest scores were for low AI use for ICT security, cybersecurity investments by critical entities, enterprise risk assessments, and R&D funding. 

Nigerian sentenced to prison in US for scams

Another Nigerian national has been sentenced to prison in the United States for cybercrimes.  Ridwan Adeleke Adepoju has received a 43-month prison sentence for his role in a scheme that included phishing scams, romance scams, and fraudulent tax returns. Adepoju was arrested last year in the UK and later extradited to the US.

Trend Micro, Dell and Nvidia team up

Trend Micro, Dell, and Nvidia have announced new joint OEM appliance offerings to support secure, AI-powered infrastructure. Trend Micro is providing its Trend Vision One cybersecurity platform, with protection across email, cloud, network, endpoint, data, and identity. Dell is offering scalable infrastructure and deployment backbone with PowerFlex enterprise storage. Nvidia’s Morpheus cybersecurity framework provides real-time, GPU-accelerated threat detection and AI-driven analysis that can reduce dwell and response time.

AgentSmith AI vulnerability

Noma Security has disclosed the details of AgentSmith, an AI agent vulnerability in LangSmith’s Prompt Hub feature. Exploitation could have allowed an attacker to steal API keys and hijack LLM responses. The issue has been fixed and there is no evidence of in-the-wild exploitation. 

Viasat targeted by Chinese hackers

US communications company Viasat has confirmed being targeted by China’s Salt Typhoon hackers, who are known for targeting major telecoms firms in the United States and elsewhere. According to Bloomberg, Viasat confirmed that it had detected unauthorized access through a compromised device, but said it had found no evidence of impact to customers. 

Related: In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost

Related: In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA