Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

Noteworthy stories that might have slipped under the radar: Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Australian man charged for ‘evil twin’ WiFi networks

A 42-year-old man from Australia has been charged for creating so-called ‘evil twin’ Wi-Fi access points. The man is accused of setting up free Wi-Fi access points that mimicked legitimate networks. Users who connected to the malicious networks had their credentials for email and social media websites stolen. The evil twin networks were deployed at airports and other locations. 

Dozens of vulnerabilities found in Sharp and Toshiba printers

Security researcher Pierre Kim has disclosed technical details for dozens of vulnerabilities found in multi-function printers made by Toshiba and Sharp. In Sharp devices he found 17 vulnerabilities and in Toshiba products he found 40. Some of the flaws can be exploited to compromise impacted printers. The vendors have released patches. 

Advertisement. Scroll to continue reading.

Egyptian Health Department data breach impacts 120,000

The Egyptian Health Department in Illinois discovered an intrusion in December 2023. The healthcare organization recently completed its investigation and determined that over 120,000 individuals are impacted. Information such as names, addresses, dates of birth, Social Security numbers, phone numbers, and financial account/bank account data was exposed. 

Hacking smart grills

Researchers at Bishop Fox managed to hack a smart grill from Traeger. The grill includes a Wi-Fi controller that can be used for monitoring and control. The researchers discovered vulnerabilities that can be exploited to control other users’ grills and, for instance, change the temperature during a cooking cycle. 

Pakistan-linked Android spyware targets gamers and weapons enthusiasts

SentinelOne has shared an update on the CapraRAT Android spyware, which was previously associated with the Pakistan-linked state-sponsored threat group Transparent Tribe. The hackers have been embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans.

Formula One organization discloses data breach

The Fédération Internationale de l’Automobile (FIA), the governing body for Formula One and other auto racing events, has disclosed a data breach involving unauthorized access to personal data stored in two of its email accounts. Hackers gained access to the accounts through phishing. 

Unfixed vulnerabilities in Gogs 

The Gogs open source solution for self-hosting source code is affected by four unfixed vulnerabilities that allow attackers to compromise vulnerable instances, enabling them to steal source code, plant code backdoors, and wipe all code, according to Sonar. A Shodan search shows roughly 7,300 internet-exposed Gogs instances.

Impact of sanctions and exposure on Predator spyware

Cyberscoop reported that the activity of the Intellexa group, known for its use of the Predator spyware, appears to have declined following sanctions and the exposure of its operations. Researchers have seen a significant decrease in activity, but noted that this may also be the result of the spyware maker finding ways to avoid detection. 

Microsoft details serious vulnerabilities found in Rockwell HMIs

Microsoft has shared details on a couple of critical- and high-severity vulnerabilities discovered in Rockwell Automation PanelView Plus HMIs. The flaws can be remotely exploited by unauthenticated attackers for remote code execution and denial-of-service (DoS) attacks. The security holes were patched by Rockwell in September and October 2023. 

Entrust responds to Google not trusting its certificates

Google recently announced that it would no longer trust certificates issued by Entrust due to concerning behavior. Entrust this week responded and promised to make improvements and address concerns. 

Related: In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

Related: In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights