SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Zoom’s Zero Touch Provisioning allows remote hacking of desk phones
An attacker can abuse Zoom’s Zero Touch Provisioning to remotely hack desk phones and eavesdrop on rooms or phone calls, move laterally within the corporate network, or build a botnet of compromised devices. Some of the vulnerabilities involved in the attack have only been partially fixed or not patched at all.
MaginotDNS cache poisoning attack against DNS servers
Researchers have described MaginotDNS, a new cache poisoning attack against conditional DNS (CDNS) servers, which act as both recursive resolver and forwarder. MaginotDNS exploits inconsistent bailiwick checking between the two modes: records that the recursive path would reject as out of bailiwick (outside the zone the server actually queried) can be accepted on the forwarding path and land in the shared cache. The flaws affect DNS software such as BIND and Microsoft DNS.
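To make the bailiwick rule concrete, here is an added, constructed illustration (not code from the MaginotDNS researchers or from any DNS server): a resolver querying the attacker's zone receives a response whose authority and additional sections smuggle in a delegation for an unrelated victim domain. A strict label-based bailiwick check drops the foreign records; a lax cache fill accepts them. All names, addresses and the response itself are made up, and a naive suffix-string check is included to show a second pitfall, accepting "notattacker.example" as if it were under "attacker.example".

```python
"""Bailiwick checking on DNS cache fill, constructed illustration (hypothetical data)."""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class RR:
    """A minimal resource record: owner name, type, rdata (strings, not wire format)."""
    name: str
    rtype: str
    rdata: str


def _labels(name: str) -> Tuple[str, ...]:
    # Normalise to lowercase labels, dropping the trailing root dot.
    return tuple(label.lower() for label in name.rstrip(".").split(".") if label)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is below it, compared on label boundaries."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def naive_in_bailiwick(name: str, zone: str) -> bool:
    """Buggy variant: plain suffix match ignores label boundaries."""
    return name.rstrip(".").lower().endswith(zone.rstrip(".").lower())


def strict_cache_fill(zone: str, records: Iterable[RR]) -> List[RR]:
    """Cache only records whose owner name is within the queried zone."""
    return [r for r in records if in_bailiwick(r.name, zone)]


def lax_cache_fill(zone: str, records: Iterable[RR]) -> List[RR]:
    """Cache everything the upstream returned; this is the behaviour a poisoner needs."""
    return list(records)


def poisoned_names(cache: Iterable[RR], queried_zone: str) -> Set[str]:
    """Owner names that ended up in the cache despite being out of bailiwick."""
    return {r.name for r in cache if not in_bailiwick(r.name, queried_zone)}


# Constructed response to a query for www.attacker.example: the answer is genuine,
# but the NS record claims the attacker's server is authoritative for victim.example.
QUERIED_ZONE = "attacker.example"
CONSTRUCTED_RESPONSE = [
    RR("www.attacker.example.", "A", "198.51.100.10"),     # answer section
    RR("victim.example.", "NS", "ns.attacker.example."),   # authority section, out of bailiwick
    RR("ns.attacker.example.", "A", "198.51.100.53"),      # additional section, in bailiwick
]


if __name__ == "__main__":
    strict = strict_cache_fill(QUERIED_ZONE, CONSTRUCTED_RESPONSE)
    lax = lax_cache_fill(QUERIED_ZONE, CONSTRUCTED_RESPONSE)
    print("strict cache:", [r.name for r in strict])
    print("lax cache poisoned names:", poisoned_names(lax, QUERIED_ZONE))
    print("naive suffix check accepts notattacker.example:",
          naive_in_bailiwick("notattacker.example", QUERIED_ZONE))
```

The point of the two fill functions is that the decision must be made per record on its owner name against the zone actually queried; a server with two code paths (recursive and forwarding) that apply this rule differently is exactly the inconsistency a poisoning attack looks for.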
Unfixed PowerShell Gallery vulnerabilities could allow supply chain attacks
A series of vulnerabilities in PowerShell Gallery, the central repository for sharing PowerShell code, can be exploited for typosquatting and could enable supply chain attacks against anyone installing modules from it. Aqua Security reported the issues to Microsoft, but they remain unpatched.
Exploiting Moovit vulnerabilities to get free train tickets and user information
SafeBreach researchers have found a series of vulnerabilities in the products of Moovit, a mobility-as-a-service (MaaS) operator whose solutions are used worldwide. The flaws could have allowed a hacker to get free train tickets and obtain user information. Moovit was informed about the vulnerabilities and it has released patches. Customers do not need to take any action.
Atlassian patches Confluence Server and Data Center vulnerability
Atlassian has released patches for CVE-2023-28709, a high-severity denial-of-service vulnerability in Apache Tomcat, a third-party dependency bundled with Confluence Server and Data Center. An attacker could exploit the flaw to take affected instances offline.
Russia-linked attacks on NATO-aligned Ministries of Foreign Affairs
EclecticIQ has detailed a Russia-linked cyberespionage campaign that leverages PDF files purportedly coming from a German embassy to target Ministries of Foreign Affairs in NATO-aligned countries.
China allegedly discovered cyber reconnaissance system used by US
China claims that an investigation into a cyberattack targeting the Wuhan Earthquake Monitoring Center has led to the discovery of malware that appears to be part of a global cyber reconnaissance system used by US intelligence agencies.
LinkedIn accounts hacked
The accounts of many LinkedIn users have been hijacked in recent months, according to Cyberint. In some cases, users were locked out of their accounts by LinkedIn due to repeated hacking attempts. The attackers’ goal is currently unclear. The campaign could involve the use of compromised credentials or brute-force attacks targeting accounts with weak passwords.
Zimbra users targeted in ongoing phishing campaign
ESET has uncovered an ongoing mass-spreading phishing campaign focused on stealing Zimbra account credentials. The attacks started in April 2023 and mainly hit users in Poland, with Ecuador and Italy registering a large number of victims as well. ESET has not attributed the attacks to a known threat actor.
Cuba ransomware targets US critical infrastructure
The Cuba ransomware cybergang was seen targeting a US critical infrastructure organization and an IT integrator in Latin America recently, in attacks that also show a change in tactics, such as the exploitation of a recent Veeam vulnerability (CVE-2023-27532). The threat actor used tools such as the Bughatch downloader, Burntcigar antimalware killer, Metasploit, and Cobalt Strike, as well as various off-the-shelf tools.
White House pushes federal agencies to ramp up cybersecurity
The White House has ordered federal agencies to ramp up their cybersecurity stance, after learning that, as of June 2023, many of them failed to comply with the security practices detailed in President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity. National security adviser Jake Sullivan asked department officials to ensure full compliance by year’s end, CNN reports.