In today’s cybersecurity news…
Tenable acquiring Israel’s Vulcan Cyber in $150 million deal
Tenable, a Nasdaq-listed cybersecurity company valued at $5.3 billion, is acquiring Israeli cybersecurity firm Vulcan Cyber for approximately $150 million, with the deal expected to close in Q1 of this year. The acquisition aims to enhance Tenable’s security exposure management platform by integrating Vulcan Cyber’s capabilities, unifying security visibility and risk mitigation. Vulcan Cyber, founded in 2018, has raised $55 million and employs 100 people, though it is unclear how many will remain post-acquisition.
Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks
Hackers linked to China, Iran, Russia, and North Korea are using AI, including Google’s Gemini chatbot, to enhance cyberattacks, according to U.S. officials and Google security research. These groups utilize AI for tasks like writing malicious code, identifying vulnerabilities, and researching targets rather than developing advanced hacking techniques. Meanwhile, China’s DeepSeek AI has raised global concerns about Beijing’s progress in the AI arms race, adding uncertainty to the technology’s impact on security and warfare.
U.S. Navy bans use of DeepSeek due to ‘security and ethical concerns’
The U.S. Navy has warned its members to avoid using China’s DeepSeek AI due to security and ethical concerns, instructing them not to use it for work or personal tasks. DeepSeek’s newly released AI model, R1, has drawn global attention for its capabilities, sparking concerns over China’s AI advancements and impacting tech markets, with AI chipmakers like Nvidia and Broadcom losing $800 billion in market value. The warning comes amid growing U.S.-China AI competition, with figures like Trump and industry leaders emphasizing the urgency of maintaining American leadership in AI.
(CNBC)
South Africa’s government-run weather service knocked offline by cyberattack
A cyberattack has taken the South African Weather Service (SAWS) offline, disrupting critical services for aviation, marine, and agriculture, while forcing SAWS to share weather updates via social media. The breach, the second attempted attack in two days, has also impacted regional allies like Mozambique and Zambia, with efforts underway to restore systems. While no ransomware group has claimed responsibility, South Africa has faced a wave of cyberattacks in recent years, targeting public institutions, including its defense department, pension organization, and national lab service.
Huge thanks to our sponsor, Conveyor

FBI seizes major cybercrime forums in coordinated domain takedown
The FBI and international law enforcement have seized multiple cybercrime-linked platforms, including Cracked[.]io, Nulled[.]to, SellIX, and StarkRDP, in a major crackdown on digital marketplaces for stolen credentials and hacking tools. These sites have been criticized for enabling password theft, software piracy, and credential-stuffing attacks, but now redirect to FBI-controlled servers, effectively shutting them down. The operation, involving agencies from Australia, France, Germany, and others, marks another step in global efforts to dismantle cybercriminal networks.
North Koreans clone open-source projects to plant backdoors, steal credentials
North Korea’s Lazarus Group carried out a large-scale supply chain attack, dubbed Phantom Circuit, compromising hundreds of victims by embedding backdoors in cloned open-source software, according to SecurityScorecard’s latest report. The campaign began in late 2024 and targeted cryptocurrency developers and tech professionals by distributing malware-laced repositories on platforms like GitLab. Stolen data included credentials, authentication tokens, and system information, with the attackers using obfuscation techniques and VPNs.
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
Oasis Security discovered a critical vulnerability in Microsoft’s Multi-Factor Authentication (MFA), allowing attackers to bypass it and gain unauthorized access to Office 365 accounts, including Outlook, OneDrive, and Azure. The flaw exploited session creation and TOTP code tolerance, enabling attackers to brute-force MFA codes undetected within 70 minutes. Oasis reported the issue to Microsoft, which implemented a stricter rate limit, permanently fixing the vulnerability by October 2024. The research highlights the importance of strong MFA implementations and improved alerting mechanisms for failed second-factor attempts.
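The alerting and rate-limit point above, as an added example (not code from Oasis Security or Microsoft): a failed-second-factor counter keyed to the account rather than the session, so guesses spread across many fresh sessions still trip the limit. The log format, threshold, window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune to your environment.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)

# Constructed sample events: timestamp, account, session id, MFA result.
SAMPLE_LOG = """\
2025-01-30T09:00:01 alice s-101 fail
2025-01-30T09:00:04 alice s-101 fail
2025-01-30T09:00:20 alice s-102 fail
2025-01-30T09:00:23 alice s-102 fail
2025-01-30T09:00:40 bob s-201 fail
2025-01-30T09:00:41 alice s-103 fail
2025-01-30T09:00:44 alice s-103 fail
2025-01-30T09:00:55 bob s-201 ok
2025-01-30T09:01:02 alice s-104 fail
2025-01-30T09:01:05 alice s-104 fail
"""

def parse(line):
    ts, account, session, result = line.split()
    return datetime.fromisoformat(ts), account, session, result

def first_alerts(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """First alert per account: (account, time, failures, distinct sessions)."""
    recent = defaultdict(deque)  # account -> (time, session) of recent failures
    alerts = {}
    for ts, account, session, result in map(parse, filter(str.strip, lines)):
        if result != "fail" or account in alerts:
            continue  # a success does not reset the account's failure count
        q = recent[account]
        q.append((ts, session))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        if len(q) > max_failures:
            alerts[account] = (account, ts, len(q), len({s for _, s in q}))
    return list(alerts.values())

def per_session_max(lines):
    """Highest failure count in any one session: all a per-session limit sees."""
    counts = defaultdict(int)
    for _, _, session, result in map(parse, filter(str.strip, lines)):
        counts[session] += result == "fail"
    return max(counts.values(), default=0)

if __name__ == "__main__":
    print(first_alerts(SAMPLE_LOG.splitlines()), per_session_max(SAMPLE_LOG.splitlines()))
```

In the sample, no single session exceeds two failures, yet the account-level window flags alice on her sixth failed code across three sessions.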
SLAP and FLOP security flaws affect all current Apple devices, and many older ones
Security researchers from The Georgia Institute of Technology have discovered two vulnerabilities, SLAP and FLOP, affecting all iPhones, iPads, and Macs with A15 and M2 chips or later. These flaws exploit speculative execution to access data from open web tabs, with SLAP affecting Safari and FLOP impacting both Safari and Chrome. While there’s no evidence of exploitation in the wild, Apple has been working on fixes since mid-2024, stating there is no immediate risk to users. Until a patch is released, the best precaution is to be cautious of the websites you visit.
(9to5Mac)






