Cybersecurity Weekly Digest: Ransomware Disrupts Campus, Android Spyware’s Dangerous Update, and The EU’s AI Privacy Push

Ransomware Attack at Kaiserslautern University, GravityRAT Spyware, FBI’s Report on Business Email Compromise and Email Account Compromise Scams, Red Team Deployments, Visually Similar Domain Names, Cybersecurity Best Practices Legislation, Google’s kCTF Vulnerability Rewards Program, EU AI Act, and Dragos’ Global Partner Program.

Cybersecurity threats have continued to evolve over the years, with new attacks cropping up frequently. This week’s roundup highlights some of the notable cybersecurity stories that may have gone unnoticed. We will be looking at the ransomware attack at Kaiserslautern University in Germany, the new Android version of GravityRAT spyware that is capable of stealing WhatsApp backup files, the FBI’s report on business email compromise and email account compromise scams, the surge in red team deployments, the ways attackers use visually similar domain names in phishing attacks, the newly introduced legislation to provide guidance on cybersecurity best practices, Google’s kCTF Vulnerability Rewards Program, the EU AI Act, and Dragos’ Global Partner Program.

Kaiserslautern University in Germany suffered from a ransomware attack on June 8, and the university is still struggling to restore its services. Reports indicate that the university had to shut down its email system, website, and phone lines. The attackers demanded a ransom, but it is not clear if the university paid it. The university has advised its students to use personal email accounts until the issue is resolved, and there is no timeline for when the university will recover from the attack.

In a recent development, ESET reported that a new Android version of GravityRAT spyware is capable of stealing WhatsApp backup files and receiving commands to delete files. The spyware, believed to have been created by an Indian hacking group, has been found to be active since 2017. It primarily targets Indian defense and aerospace organizations, although it is not yet clear if the new Android version has expanded its scope.

The FBI has updated its report on business email compromise and email account compromise scams, revealing that the estimated losses have exceeded the $50 billion mark. Business email compromise scams occur when cybercriminals use compromised email accounts to transfer funds to fraudulent accounts, while email account compromise scams involve hacking into email accounts to obtain personal information and sensitive data. The report contains data from over 10,000 victims, and the FBI recommends that individuals and organizations take proactive steps to prevent these attacks.

According to Bishop Fox’s 2023 State of Offensive Security report, there has been a surge in red team deployments. The report reveals that businesses are increasingly using red teaming to identify security weaknesses and improve their overall security posture. Red teaming helps businesses simulate attacks and identify vulnerabilities in their systems and processes. The report also highlights the use of collaborative security, where businesses work together to share threat intelligence and best practices.

Infoblox provides a detailed examination of visually similar domain names used as an integral part of phishing attacks. The report highlights how attackers use domain names that are visually similar to legitimate ones to carry out convincing phishing attacks. Attackers make use of character substitutions, transpositions, and punycode to create these visually similar domain names. The report recommends that individuals and organizations educate themselves on how to identify and prevent phishing attacks.

Bipartisan legislation has been introduced to provide guidance on cybersecurity best practices to the public and private sectors. The newly introduced legislation requires the Department of Homeland Security (DHS) to provide regular guidance on best practices related to cybersecurity in order to improve the cybersecurity posture of both the public and private sectors. The legislation aims to ensure that they adhere to industry-standard best practices. This legislation is in response to the increase in cyber threats and attacks, and it is expected to receive widespread support.

Google has announced that it paid a total of $1.8 million for the reports of Linux kernel exploits received as part of the kCTF Vulnerability Rewards Program. The bug bounty program is run by Google in collaboration with several other organizations. It rewards researchers who discover vulnerabilities in the Linux kernel with cash prizes. Google’s payments serve as a testament to the significance of bug bounty programs in motivating researchers to hunt for vulnerabilities and report them.

The European Parliament has voted in favor of the EU AI Act, which could potentially outlaw areas such as emotion detection and predictive policing. The legislation aims to regulate the use of artificial intelligence in Europe and is designed to set out strict rules on how AI can be used. The legislation is part of the European Union’s efforts to address the ethical and legal concerns around AI, and it is expected to have a significant impact on businesses operating in Europe.

Industrial cybersecurity firm Dragos has launched a Global Partner Program that offers OT security services, technology, and threat intelligence. The program aims to help businesses improve their operational technology (OT) security by enabling them to leverage Dragos’ expertise. The program includes training, certification, and support, and is expected to enhance businesses’ resilience to cyber threats.

In conclusion, the cybersecurity threats faced by individuals and organizations continue to evolve, and it is essential to keep up with the latest developments. This week’s roundup highlighted some of the notable cybersecurity stories that may have gone unnoticed, including the ransomware attack at Kaiserslautern University, the new Android version of GravityRAT spyware, the FBI’s report on business email compromise and email account compromise scams, the surge in red team deployments, the ways attackers use visually similar domain names in phishing attacks, the new legislation introduced to provide guidance on cybersecurity best practices, Google’s kCTF Vulnerability Rewards Program, the EU AI Act, and Dragos’ Global Partner Program. It is crucial for individuals and organizations to stay informed and take proactive measures to protect themselves against cyber threats.

Explore more

Why Should Leaders Invest in Employee Career Growth?

In today’s fast-paced business landscape, a staggering statistic reveals the stakes of neglecting employee development: turnover costs the median S&P 500 company $480 million annually due to talent loss, underscoring a critical challenge for leaders. This immense financial burden highlights the urgent need to retain skilled individuals and maintain a competitive edge through strategic initiatives. Employee career growth, often overlooked

Making Time for Questions to Boost Workplace Curiosity

Introduction to Fostering Inquiry at Work Imagine a bustling office where deadlines loom large, meetings are packed with agendas, and every minute counts—yet no one dares to ask a clarifying question for fear of derailing the schedule. This scenario is all too common in modern workplaces, where the pressure to perform often overshadows the need for curiosity. Fostering an environment

Embedded Finance: From SaaS Promise to SME Practice

Imagine a small business owner managing daily operations through a single software platform, seamlessly handling not just inventory or customer relations but also payments, loans, and business accounts without ever stepping into a bank. This is the transformative vision of embedded finance, a trend that integrates financial services directly into vertical Software-as-a-Service (SaaS) platforms, turning them into indispensable tools for

DevOps Tools: Gateways to Major Cyberattacks Exposed

In the rapidly evolving digital ecosystem, DevOps tools have emerged as indispensable assets for organizations aiming to streamline software development and IT operations with unmatched efficiency, making them critical to modern business success. Platforms like GitHub, Jira, and Confluence enable seamless collaboration, allowing teams to manage code, track projects, and document workflows at an accelerated pace. However, this very integration

Trend Analysis: Agentic DevOps in Digital Transformation

In an era where digital transformation remains a critical yet elusive goal for countless enterprises, the frustration of stalled progress is palpable— over 70% of initiatives fail to meet expectations, costing billions annually in wasted resources and missed opportunities. This staggering reality underscores a persistent struggle to modernize IT infrastructure amid soaring costs and sluggish timelines. As companies grapple with