In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs

Noteworthy stories that might have slipped under the radar: Ukraine hacks Russia’s federal tax agency, CVE assigned to PLC exploit, security in new Intel CPU.


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories

Chinese APT hacked dozens of US critical entities

US officials and industry experts say that Chinese state-sponsored hackers have breached the systems of two dozen critical entities in the US over the past year, The Washington Post reports. One gas and oil pipeline, a water utility in Hawaii, and a major port are among the victims, as China aims to position itself to impede the US’s efforts to respond to potential conflict in Taiwan. The activity is associated with the Volt Typhoon APT.

Ukraine claims destruction of Russia’s federal tax agency’s servers

Ukraine’s defense intelligence directorate (GUR) claims to have wiped over 2,300 servers belonging to Russia’s federal tax service (FNS), completely destroying the infrastructure. Databases and backups were erased, configuration files deleted, and regional servers prevented from connecting to FNS.


SIM swapper sentenced to prison for $600,000 cryptocurrency theft

Daniel Akira Mills, 22, of Round Rock, Texas, was sentenced to 24 months in prison for relying on SIM swapping to take over victims’ phone numbers and stealing over $600,000 in cryptocurrency from dozens of individuals. He was also ordered to pay over $530,000 in restitution.

Suspected Hive ransomware gang member arrested in France

French police have apprehended an individual suspected of being connected to the infamous Hive ransomware gang, which was dismantled in January 2023. Authorities also searched his home in Cyprus and discovered more than €570,000 (~$625,000) in cryptocurrency in a wallet application on his phone. 

CISA assigns CVE to Unitronics vulnerability exploited in water attacks

CISA has assigned the CVE identifier CVE-2023-6448 to the Unitronics Vision PLC insecure default password vulnerability exploited in recent attacks aimed at the US water sector. Attackers associated with the Iranian government have hacked internet-exposed PLCs, presumably by accessing them using the default password ‘1111’. CISA also added the CVE to its known exploited vulnerabilities database.

New DNS spoofing attacks abusing DHCP 

Akamai draws attention to a new type of DNS spoofing attack that leverages Microsoft Dynamic Host Configuration Protocol (DHCP) servers, allowing attackers to access Active Directory Integrated DNS (ADIDNS) zones without authentication. One variation of the attack allows adversaries to overwrite existing DNS records.

Vulnerabilities in Edulog parental portal exposed K-12 student information

Tenable identified several vulnerabilities in Edulog’s parent portal that allowed access to sensitive K-12 student information, including names, bus routes, GPS location, parent contact information, and configuration details for school districts, including usernames and passwords.

Fortinet, Zoom, Palo Alto Networks and Ivanti release patches

Fortinet patched two high-severity flaws in FortiOS, FortiPAM, and FortiProxy that could lead to code execution. Ivanti addressed a privilege escalation issue in Secure Access Client and an authentication bypass in Endpoint Manager Mobile (EPMM). Palo Alto Networks fixed a high-severity cross-site scripting (XSS) bug in PAN-OS. Zoom resolved high-severity vulnerabilities in desktop and mobile clients. 

Dragos CEO joins DataTribe

Industrial cybersecurity firm Dragos co-founder and CEO Robert Lee has joined venture capital firm DataTribe as a venture partner. Lee, who secured seed funding from DataTribe as an entrepreneur, will remain Dragos' full-time CEO.

Open source tool Swagger Jacker 

Bishop Fox has released a new open source tool named Swagger Jacker, designed to help audit OpenAPI definition files. The command line tool enables offensive security professionals to identify potential vulnerabilities or misconfigurations in the API routes defined within the definition document. Bishop Fox has published a blog post describing the tool, and the source code is available on GitHub.

New 5th Gen Intel Xeon processors bring increased security

Intel has launched its 5th Gen Xeon processors (code-named Emerald Rapids), which the company says bring improved performance and increased security. With these new CPUs, Intel Trust Domain Extensions (TDX), which provides increased confidentiality and security at the VM level, will be generally available to all OEM and CSP solution providers.
