SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Ukrainian hackers target major Russian water utility
In revenge for the recent Russian attack on Kyivstar, Ukraine’s largest mobile network operator, Ukrainian hackers claim to have launched an attack on Rosvodokanal, the largest private water utility in Russia. The hackers claim to have stolen documents, encrypted 6,000 computers, and deleted 50 Tb of data, disrupting operations. Rosvodokanal is responsible for providing water to millions of consumers, but there do not appear to be any reports of the water supply being impacted by the attack.
Former security engineer admits hacking two cryptocurrency exchanges
The US Justice Department announced that Shakeeb Ahmed has pleaded guilty to hacking two decentralized cryptocurrency exchanges, stealing over $12 million worth of cryptocurrency. The attacks were carried out in 2022 and targeted Nirvana Finance and Crema Finance. The DOJ described Ahmed as a former security engineer at an international technology company, which appears to be Amazon.
Apple and Adobe patches
Apple and Adobe have each released patches for a single vulnerability. Apple released macOS Sonoma 14.2.1 to address a WindowServer issue that involved content being unintentionally exposed when users shared their screen. Adobe released an Experience Manager Forms update to address an Apache Struts vulnerability that has been exploited in the wild.
Hundreds of TeamCity instances still vulnerable to attacks
Hundreds of TeamCity instances are vulnerable to attacks exploiting CVE-2023-42793, according to Censys. The Russian cyberespionage group known as APT29 has been exploiting the vulnerability on a large scale since September 2023, according to government agencies.
GWT vulnerability remains unpatched 8 years after discovery
A potentially serious vulnerability affecting GWT, a popular open source web application framework, remains unpatched eight years after it was discovered, according to Bishop Fox. The flaw can expose application owners to unauthenticated server-side code execution. There have been several discussions on the security hole since 2015, but it still has not been fixed. Bishop Fox has published a blog post describing how the vulnerability can be exploited and how developers can check if their GWT-based application is affected.
AI vulnerability rating taxonomy for LLMs
Bug bounty platform Bugcrowd has updated its Vulnerability Rating Taxonomy (VRT) to define how AI vulnerabilities in Large Language Models (LLMs) are classified, reported, and prioritized on its platform in an effort to enable hackers and customers to have a shared understanding of how these types of flaws are handled.
Payment fraud underground shows signs of recovery
Recorded Future has published its 2023 Payment Fraud report, which reveals that the payment fraud underground is showing signs of recovery following Russia’s crackdown on domestic cybercriminals and its invasion of Ukraine. The report also shows that the volume of stolen payment cards on carding shops has started to rebound. A total of 119 million cards were offered for sale, with a median fraud charge of $79.
Google shuts down thousands of YouTube channels
Google has terminated thousands of YouTube channels as part of investigations into influence campaigns linked to China, Russia, and Iran. Ads accounts, domains, and other resources linked to these campaigns were also blocked. Hundreds of YouTube accounts linked to campaigns in Turkey, Azerbaijan, Ethiopia, and Sudan also got the ax.
Intellexa and its Alien/Predator spyware products
Cisco has published a new report detailing the evolution of Intellexa, ‘an intelligence agency-grade spyware vendor’ that emerged from the ashes of Cytrox, after it was bought. The report also dives into the vendor’s Alien/Predator line of implants, which were found to persist device reboots.
CISA finalizes Microsoft 365 secure configuration guidance
US cybersecurity agency CISA announced that the final version of its Microsoft 365 Secure Configuration Baselines guidance, which includes input from a public comment period, is now available to the public. The guidance, which aims to help organizations improve the security and resilience of their M365 services, is accompanied by an updated SCuBAGear tool, enabling interested parties to assess their M365 services against CISA’s baselines.
Related: In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked
Related: In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs
