Cyber Security News: Venezuela Cyber Ops, ESA Data Breach, GPS Alternatives, and More

Cyber Operations and Data Breaches

• ⚡ A US cyber operation in Venezuela briefly cut power and disrupted radar, enabling undetected helicopter entry for an operation. Officials stated it demonstrated precise offensive capabilities with minimal collateral damage.
• ⚠️ The European Space Agency confirmed cyberattacks led to sensitive data, including staff credentials, appearing on dark web forums, though core mission systems remained unaffected.
• 🔐 Dutch police arrested a suspect alleged to be the operator of AVCheck, a malware testing service used by cybercriminals to evade antivirus detection.

OT Security and Exploited Vulnerabilities

• 📈 The US and allies issued new guidance on OT security, warning that insecure connectivity is a primary vector for disruption and outlining eight secure connectivity principles.
• 💻 Researchers are warning of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw, linked to the RondoDox botnet, affecting server and network control.
• 📄 A malvertising campaign called Tampered Chef uses Trojanized PDF documents to deliver backdoor malware and info stealers, targeting organizations across Europe.
• 🎧 A critical flaw in Google Fast Pair could allow attackers to forcibly connect to vulnerable Bluetooth audio accessories, potentially enabling audio playback or recording without consent.
• 🚨 Cisco patched a maximum-severity zero-day vulnerability in its AsyncOS, which had been exploited since November, allowing remote command execution with root privileges.

GPS Alternatives and Future Navigation

• 🛰️ Zak Kassas from Ohio State University discussed research into using Starlink and OneWeb LEO satellites as alternatives to GPS for navigation.
• 💡 This research demonstrates that LEO satellite communication signals can be repurposed for navigation, offering potential resilience against GPS jamming and spoofing.
• 🌍 The work has been tested on ground vehicles, high-altitude balloons, UAVs, and in the Arctic, showing promising results for meter-level accuracy.
• 📡 Kassas explained that this approach involves passively listening to communication signals and solving the ephemeris problem to determine satellite positions.

Leadership and Nostalgia in Tech

• 🎤 Jen Easterly has been appointed CEO of the RSA Conference, bringing her experience from leading CISA to shape the event's future.
• 📱 The iPhone 4 is experiencing a resurgence as a retro status symbol, with enthusiasts praising its "vintage" aesthetic, though security experts warn of significant risks due to its age and lack of updates.