In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA

In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

FBI alert on BadBox 2 botnet

The FBI has issued an alert on BadBox 2, a botnet targeting IoT devices such as streaming products, projectors, vehicle infotainment systems, picture frames, and other devices, mostly those manufactured in China. The botnet, estimated to have ensnared over 1 million devices, was partially disrupted earlier this year. The initial BadBox botnet was discovered in 2023. 

NSO says it can’t pay $167 million in ‘unlawful’ damages to WhatsApp

Spyware vendor NSO Group has appealed (PDF) a jury’s decision dictating it should pay $167 million in damages to WhatsApp, saying the award is unlawful. The order was announced last month, in a lawsuit filed in 2019 over NSO’s alleged role in facilitating government spying on 1,400 users’ mobile phones. According to NSO, WhatsApp should not be awarded more than $1.77 million. 

Advertisement. Scroll to continue reading.

Vanta vulnerability exposed customer data

Vanta has resolved a vulnerability that exposed its customers’ data to other Vanta customers. Fewer than 20% of third-party integrations were exposed, the company told TechCrunch. All impacted customers, likely hundreds of them, were notified, the security and compliance automation firm said.

Google survey finds scams are increasing

More than half of online users in the US are seeing an increase in scams, and roughly one in five has experienced a data breach, a new Google survey shows. While most consumers believe they can spot a scam, many of them, mainly Gen X and Baby Boomers, continue to use traditional authentication methods, such as passwords and 2FA. Gen Z and Millennials, on the other hand, use passkeys and social sign-ins more frequently.

Firefox gets crypto scam prevention

Firefox now has an early detection feature meant to identify and block crypto scam extensions before they become popular among users. The system involves indicators of risk for wallet extensions, which are submitted to AMO (addons.mozilla.org), and which will trigger an alert once a certain risk threshold is reached.

Hedera Hashgraph users targeted by fraudsters

Scammers are targeting Hedera Hashgraph network users through the NFT airdrop feature in non-custodial wallets, the FBI warns (PDF). Users may receive fake rewards or incentives through the airdrop feature, which are accompanied by a plaintext “memo” section containing a URL to a third-party site. The URL links the victim’s cryptocurrency wallet to the website’s dApps function, which often requires the user to enter their login credentials and seed phrases, allowing the attackers to steal their funds.

US telecoms hacked by China earlier than believed

Chinese hackers broke into the systems of an unnamed US telecommunications company in the summer of 2023 and stayed there for seven months before they were discovered, Bloomberg [paywalled] has learned. This means China hacked into US telecom systems earlier than believed.

1,000 people left CISA since Trump came to office

Roughly 1,000 people have left CISA since Donald Trump took office, Axios learned. CISA, which faces significant budget cuts, has lost nearly one-third of its workforce. Hundreds of CISA workers reportedly took up the DHS’s buyout offer and left the cybersecurity agency. The White House had been planning to cut 1,000 positions at CISA during the 2026 fiscal year. 

Microsoft launches European Security Program

Microsoft announced the launch of a new European Security Program that adds to the tech giant’s global Government Security Program. The program, which is free of charge for European governments, focuses on increasing AI-based threat intelligence sharing, additional investments to strengthen cybersecurity capacity and resilience, and expanding partnerships to disrupt cyberattacks and dismantle cybercrime networks.

Related: In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked

Related: In Other News: Volkswagen App Hacked, DR32 Sentenced, New OT Security Solution


Source link