SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Cryptojacker sentenced to prison
Charles O. Parks III, aka CP3O, has been sentenced to one year in prison over a cryptojacking operation that involved defrauding unnamed cloud computing providers (likely AWS and Microsoft). Parks used $3.5 million worth of computing power to mine nearly $1 million in cryptocurrency, but did not pay the providers. He then boasted about his profits to boost his reputation as a crypto influencer. Parks was arrested and charged last year. As part of the sentence, he was ordered to forfeit $500,000 and a luxury car.
ECC.fail Rowhammer attack against DDR4
A team of researchers from universities in the US and Germany has disclosed the details of ECC.fail, a new Rowhammer attack technique that they claim is the first to be effective against DDR4 server machines with ECC memory. They demonstrated the attack's effectiveness by using Rowhammer-induced bit flips to compromise RSA signatures.
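The roundup says ECC.fail compromises RSA signatures but not why a single flipped memory bit is enough. The standard explanation is the Bellcore fault attack on RSA-CRT: one faulty signature, correct modulo one prime and wrong modulo the other, leaks a prime factor through a single gcd. The following is an added example written for this page, not code from the ECC.fail paper or from SecurityWeek; whether ECC.fail uses exactly this recovery step is not stated in the roundup. The key (two Mersenne primes) and the message are constructed and far too small for real use, and the fault is simulated in software rather than induced by Rowhammer.

```python
from math import gcd
from hashlib import sha256

# Constructed demo key (NOT a real key size): two Mersenne primes, 2^61-1 and
# 2^89-1, chosen so the example runs instantly and deterministically.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# CRT parameters, precomputed exactly as real RSA implementations do
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)

# Constructed message representative: a truncated hash so that m < N.
# Real RSA applies PSS or PKCS#1 v1.5 padding here; that does not affect the fault.
M = int.from_bytes(sha256(b"constructed test message").digest()[:16], "big")


def rsa_crt_sign(m, fault_bit=None):
    """RSA-CRT signing. If fault_bit is given, one bit of the mod-p half-result
    is flipped before recombination, modelling a single Rowhammer bit flip in
    the memory that holds that intermediate value."""
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault_bit is not None:
        s_p ^= 1 << fault_bit  # the simulated fault
    h = (QINV * (s_p - s_q)) % P  # Garner recombination
    return s_q + Q * h


def verify(m, s):
    """Ordinary public-key verification."""
    return pow(s, E, N) == m


def bellcore_recover(m, faulty_sig):
    """Bellcore attack: a signature that is correct mod q but wrong mod p
    satisfies s^e == m (mod q) but not (mod p), so gcd(s^e - m, N) == q."""
    return gcd(pow(faulty_sig, E, N) - m, N)


def hardened_sign(m, fault_bit=None):
    """Standard countermeasure: re-verify with the public key before releasing
    the signature. Returns None instead of leaking a faulty signature."""
    s = rsa_crt_sign(m, fault_bit)
    return s if verify(m, s) else None


if __name__ == "__main__":
    good = rsa_crt_sign(M)
    bad = rsa_crt_sign(M, fault_bit=5)
    print("good signature verifies:", verify(M, good))
    print("faulty signature verifies:", verify(M, bad))
    factor = bellcore_recover(M, bad)
    print("recovered factor == Q:", factor == Q)
    print("private exponent rebuilt from factor:",
          pow(E, -1, (factor - 1) * (N // factor - 1)) == D)
    print("hardened signer releases faulty signature:",
          hardened_sign(M, fault_bit=5) is not None)
```

The gcd step works because the faulted half-result leaves the signature correct modulo q, so `s^e - m` is a multiple of q but not of N. The verify-before-release check in `hardened_sign` is the cheap, widely deployed mitigation; ECC memory alone is not one, which is the point of the ECC.fail result.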
Microsoft limits access of Chinese firms to MAPP
Microsoft is limiting the information sent to Chinese companies as part of its Active Protections Program (MAPP), which provides details about serious vulnerabilities in advance to enable organizations to protect customers faster. Following an investigation into whether the recent ToolShell exploit was leaked via MAPP, Microsoft has decided to send Chinese companies only a general description of flaws rather than PoC code, Bloomberg reported. However, the tech giant has yet to confirm that the ToolShell exploit, which was first used by Chinese threat actors, was indeed leaked via MAPP.
Ermac banking trojan source code analyzed
Hunt.io has published a detailed analysis of the source code for the banking trojan Ermac 3.0. The code, leaked earlier this year, revealed significant enhancements in version 3.0, including new form injection and data theft capabilities covering over 700 banking, shopping, and cryptocurrency applications. However, the code also revealed critical weaknesses, including hardcoded secrets, default root credentials, and open account registration on the admin panel.
1,200 arrested across Africa in cybercrime crackdown
Interpol announced that more than 1,200 individuals suspected of being involved in cybercrime and fraud were arrested across Africa as part of Operation Serengeti 2.0. Authorities recovered nearly $100 million and dismantled 11,000 malicious networks. The targeted criminal enterprises included online investment fraud schemes, cryptocurrency mining centers, and inheritance scams. Several cybersecurity companies assisted law enforcement.
Microsoft Copilot logging issue
Microsoft recently patched a vulnerability that could have been exploited to keep Copilot interactions out of audit logs. When Copilot was asked to summarize a file, the action was logged, but if the assistant was also told not to link to the file or include it as a reference, no log entry was generated, Pistachio reported. Microsoft fixed the flaw after being notified by Pistachio, but the company had first been informed of the issue by another party a year earlier. Pistachio is displeased that, because the issue was addressed with a server-side fix and is not considered a critical vulnerability, it will not receive a CVE or an advisory. This means customers, including those in highly regulated industries where log integrity is essential, will not be notified.
Agentic AI introduces security risks in browsers
Web browsers powered by agentic AI, meant to make it easier for users to perform tasks such as handling emails and shopping, can introduce serious security risks. Guardio has detailed Scamlexity, a technique that attackers can use to trick AI-powered browsers into handing over user information on phishing websites, and facilitating ClickFix attacks.
Researcher says it’s difficult to report vulnerabilities to McDonald’s
A researcher has complained that it’s difficult to responsibly disclose vulnerabilities to McDonald’s. The expert, known online as BobDaHacker, found vulnerabilities that could have been exploited to run phishing campaigns, obtain employee information, deface an internal website, access corporate documents, and use coupons an unlimited number of times. However, it was difficult to report the findings to the fast food chain — he repeatedly called the company’s headquarters until he found someone to report his findings to. McDonald’s has not responded to SecurityWeek’s request for comment.
DaVita breach impact grows to 2.7 million people
Kidney dialysis services provider DaVita informed the US Department of Health and Human Services (HHS) that a recent data breach impacts nearly 2.7 million people. The healthcare organization said earlier this month that over one million individuals had their information exposed following an attack for which the Interlock ransomware group took credit, claiming to have stolen 1.5 TB of data.
Related: In Other News: Critical Zoom Flaw, City’s Water Threatened by Hack, $330 Billion OT Cyber Risk
Related: In Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector Assessment

