In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023.

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:    

Zoom’s Zero Touch Provisioning allows remote hacking of desk phones

An attacker can abuse Zoom’s Zero Touch Provisioning to remotely hack desk phones and eavesdrop on rooms or phone calls, move laterally within the corporate network, or build a botnet of compromised devices. Some of the vulnerabilities involved in the attack have only been partially fixed or not patched at all. 

MaginotDNS cache poisoning attack against DNS servers

Researchers have described MaginotDNS, a new cache poisoning attack method targeting DNS servers. MaginotDNS leverages bailiwick vulnerabilities and works against DNS software such as BIND and Microsoft DNS.   

Unfixed PowerShell Gallery vulnerabilities could allow supply chain attacks

A series of vulnerabilities in PowerShell Gallery, the central repository for sharing PowerShell code, can be exploited for typosquatting and could allow supply chain attacks. Aqua Security reported the issues to Microsoft, but they remain unpatched.

Exploiting Moovit vulnerabilities to get free train tickets and user information

SafeBreach researchers have found a series of vulnerabilities in the products of Moovit, a mobility-as-a-service (MaaS) operator whose solutions are used worldwide. The flaws could have allowed a hacker to get free train tickets and obtain user information. Moovit was informed about the vulnerabilities and it has released patches. Customers do not need to take any action. 

Atlassian patches Confluence Server and Data Center vulnerability

Atlassian has released patches for CVE-2023-28709, a high-severity vulnerability related to third-party dependencies. An attacker could exploit the security hole for DoS attacks. 

Russia-linked attacks on NATO-aligned Ministries of Foreign Affairs

EclecticIQ has detailed a Russia-linked cyberespionage campaign that leverages PDF files purportedly coming from a German embassy to target Ministries of Foreign Affairs in NATO-aligned countries. 

China allegedly discovered cyber reconnaissance system used by US

China claims that an investigation into a cyberattack targeting the Wuhan Earthquake Monitoring Center has led to the discovery of malware that appears to be part of a global cyber reconnaissance system used by US intelligence agencies. 

LinkedIn accounts hacked

The accounts of many LinkedIn users have been hijacked in recent months, according to Cyberint. In some cases, users were locked out of their accounts by LinkedIn due to repeated hacking attempts. The attackers’ goal is currently unclear. The campaign could involve the use of compromised credentials or brute-force attacks targeting accounts with weak passwords. 

Zimbra users targeted in ongoing phishing campaign

ESET has uncovered an ongoing mass-spreading phishing campaign focused on stealing Zimbra account credentials. The attacks started in April 2023 and mainly hit users in Poland, with Ecuador and Italy registering a large number of victims as well. ESET has not attributed the attacks to a known threat actor.

Cuba ransomware targets US critical infrastructure 

The Cuba ransomware cybergang was seen targeting a US critical infrastructure organization and an IT integrator in Latin America recently, in attacks that also show a change in tactics, such as the exploitation of a recent Veeam vulnerability (CVE-2023-27532). The threat actor used tools such as the Bughatch downloader, Burntcigar antimalware killer, Metasploit, and Cobalt Strike, as well as various off-the-shelf tools.

White House pushes federal agencies to ramp up cybersecurity 

The White House has ordered federal agencies to ramp up their cybersecurity stance, after learning that, as of June 2023, many of them failed to comply with the security practices detailed in President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity. National security adviser Jake Sullivan asked department officials to ensure full compliance by year’s end, CNN reports.
