Connect with us

Hi, what are you looking for?


Email Security

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023.

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Details disclosed for unauthenticated RCE vulnerability in IBM i DDM 

Silent signal has disclosed the technical details of CVE-2023-30990, a vulnerability in IBM i’s distributed data management (DDM) service, which allows an unauthenticated, remote attacker to execute arbitrary code. IBM has patched the flaw. 

Details disclosed for Siemens vulnerabilities that could threaten power grids

Advertisement. Scroll to continue reading.

SEC Consult has published a technical advisory for several vulnerabilities affecting Siemens’ Sicam A8000 remote terminal units (RTUs), including a critical flaw that could allow malicious hackers to destabilize a power grid.

Vulnerability in Medtronic cardiac device data management product

CISA and healthcare technology firm Medtronic have informed users about the existence of a critical vulnerability affecting Medtronic’s Paceart Optima cardiac device data management product. Exploitation can lead to DoS attacks or remote code execution. The vendor has released a patch and there is no evidence of exploitation in the wild. 

ImmuniWeb adds email security test to its free product

Web security firm ImmuniWeb has added email security testing to its free product, which also includes cloud security, mobile app security, dark web exposure, SSL security, and website security testing. 

Tool for sending phishing messages to Teams users

A member of the US Navy’s Red Team has released an open source tool named TeamsPhisher that allows users to bypass security features and deliver phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. Microsoft does not seem too concerned, pointing out that social engineering is involved

Chinese APT targeting European government entities

Check Point has a report on a campaign dubbed SmugX. The campaign is the work of a Chinese threat actor targeting foreign and domestic policy-focused government entities in Europe. The attackers have exploited HTML smuggling to deliver malware. 

Silentbob’s cloud attack delivering cryptominer

Cloud security firm Aqua Security has detailed a campaign it has linked to TeamTNT, a threat group known for targeting cloud and container environments to deploy cryptocurrency miners. The campaign is in its early stages, with infrastructure being prepared for a worm-like expansion across misconfigured Docker APIs and JupyterLAb instances. 

Malicious NPM packages used in supply chain and phishing attacks

ReversingLabs has discovered over a dozen malicious packages in the NPM repository, which were used to power both phishing attacks and software supply chain compromises. Some of the packages supported the harvesting of Microsoft credentials, while others would implant credential harvesting scripts in software. Mimicking legitimate NPM modules, the malicious packages were published between May 11 and June 13.

AI-generated books flood Amazon

A flurry of AI-generated ebooks flooded Amazon, taking the spotlight in the detriment of real, legit books. Described as ‘nonsensical and incoherent’, these books could potentially facilitate click-farming, generating illicit revenue – Amazon Kindle Unlimited pays authors by the number of pages read — and also raise concerns of quality control and authenticity.

Related: In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

Related: In Other News: Microsoft Win32 App Isolation, Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...