SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Chinese APT hacked dozens of US critical entities
US officials and industry experts say that Chinese state-sponsored hackers have breached the systems of two dozen critical entities in the US over the past year, The Washington Post reports. One gas and oil pipeline, a water utility in Hawaii, and a major port are among the victims, as China aims to position itself to impede the US’s efforts to respond to potential conflict in Taiwan. The activity is associated with the Volt Typhoon APT.
Ukraine claims destruction of Russia’s federal tax agency’s servers
Ukraine’s defense intelligence directorate (GUR) claims to have wiped over 2,300 servers belonging to Russia’s federal tax service (FNS), completely destroying the infrastructure. Databases and backups were erased, configuration files deleted, and regional servers prevented from connecting to FNS.
SIM swapper sentenced to prison for $600,000 cryptocurrency theft
Daniel Akira Mills, 22, of Round Rock, Texas, was sentenced to 24 months in prison for relying on SIM swapping to take over victims’ phone numbers and stealing over $600,000 in cryptocurrency from dozens of individuals. He was also ordered to pay over $530,000 in restitution.
Suspected Hive ransomware gang member arrested in France
French police have apprehended an individual suspected of being connected to the infamous Hive ransomware gang, which was dismantled in January 2023. Authorities also searched his home in Cyprus and discovered more than €570,000 (~$625,000) in cryptocurrency in a wallet application on his phone.
CISA assigns CVE to Unitronics vulnerability exploited in water attacks
CISA has assigned the CVE identifier CVE-2023-6448 to the Unitronics Vision PLC insecure default password vulnerability exploited in recent attacks aimed at the US water sector. Attackers associated with the Iranian government have hacked internet-exposed PLCs, presumably by accessing them using the default password ‘1111’. CISA also added the CVE to its known exploited vulnerabilities database.
New DNS spoofing attacks abusing DHCP
Akamai draws attention to a new type of DNS spoofing attack that leverages Microsoft Dynamic Host Configuration Protocol (DHCP) servers, allowing attackers to access Active Directory Integrated DNS (ADIDNS) zones without authentication. One variation of the attack allows adversaries to overwrite existing DNS records.
Vulnerabilities in Edulog parental portal exposed K-12 student information
Tenable identified several vulnerabilities in Edulog’s parent portal that allowed access to sensitive K-12 student information, including names, bus routes, GPS location, parent contact information, and configuration details for school districts, including usernames and passwords.
Fortinet, Zoom, Palo Alto Networks and Ivanti release patches
Fortinet patched two high-severity flaws in FortiOS, FortiPAM, and FortiProxy that could lead to code execution. Ivanti addressed a privilege escalation issue in Secure Access Client and an authentication bypass in Endpoint Manager Mobile (EPMM). Palo Alto Networks fixed a high-severity cross-site scripting (XSS) bug in PAN-OS. Zoom resolved high-severity vulnerabilities in desktop and mobile clients.
Dragos CEO joins DataTribe
Industrial cybersecurity firm Dragos co-founder and CEO Robert Lee has joined venture capital firm DataTribe as a venture partner. Lee, who secured seed funding from DataTribe as an entrepreneur, will remain as the Dragos full-time CEO.
Open source tool Swagger Jacker
Bishop Fox has released a new open source tool named Swagger Jacker, designed to help audit OpenAPI definition files. The command line tool enables offensive security professionals to identify potential vulnerabilities or misconfigurations in the API routes defined within the definition document. Bishop Fox has published a blog post describing the tool, and the source code is available on GitHub.
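As an added illustration of the kind of check such an audit performs (this is not Swagger Jacker or any Bishop Fox code), the Python below walks a constructed OpenAPI 3 definition and flags operations that declare no security requirement, that explicitly opt out with `security: []`, or that reference a scheme never defined under components.securitySchemes.

```python
import json

# Constructed sample OpenAPI 3.0 definition (not a real API). It defines one
# scheme, declares no global `security`, and contains three kinds of gaps an
# auditor would want to see: an explicit opt-out, a silent omission, and a
# reference to an undefined scheme.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/users/{id}": {
      "get": {"security": [{"bearerAuth": []}]},
      "delete": {"security": []}
    },
    "/admin/export": {"get": {}},
    "/health": {"get": {"security": [{"apiKey": []}]}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def audit_openapi(spec):
    """Return one (METHOD, path, issue) tuple per operation with a security gap."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    global_sec = spec.get("security")  # None when the document has no default
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip "parameters", "summary" and vendor extensions
            # An operation-level `security` list overrides the global one;
            # an absent key means the operation inherits the global default.
            sec = op.get("security", global_sec)
            if sec is None:
                findings.append((method.upper(), path, "no security requirement (no global default)"))
            elif sec == []:
                findings.append((method.upper(), path, "explicitly unauthenticated (security: [])"))
            else:
                for requirement in sec:
                    for scheme in requirement:
                        if scheme not in defined:
                            findings.append((method.upper(), path, f"undefined security scheme '{scheme}'"))
    return findings


if __name__ == "__main__":
    for method, path, issue in audit_openapi(SAMPLE_SPEC):
        print(f"{method:7}{path:16}{issue}")
```

Findings on an unauthenticated DELETE that takes a path parameter, or on a route whose declared scheme does not exist, are the sort of misconfiguration worth verifying against the running API before it is exposed.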
New 5th Gen Intel Xeon processors bring increased security
Intel has launched its 5th Gen Xeon processors (code-named Emerald Rapids), which the company says bring improved performance and increased security. With these new CPUs, Intel Trust Domain Extensions (TDX), which provides increased confidentiality and security at the VM level, will be generally available to all OEM and CSP solution providers.