In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
The activity is associated with the Volt Typhoon APT. Ukraine claims destruction of Russia's federal tax agency's servers.
Ukraine's defense intelligence directorate claims to have wiped over 2,300 servers belonging to Russia's federal tax service, completely destroying the infrastructure.
Daniel Akira Mills, 22, of Round Rock, Texas, was sentenced to 24 months in prison for relying on SIM swapping to take over victims' phone numbers and stealing over $600,000 in cryptocurrency from dozens of individuals.
CISA assigns CVE to Unitronics vulnerability exploited in water attacks.
CISA has assigned the CVE identifier CVE-2023-6448 to the Unitronics Vision PLC insecure default password vulnerability exploited in recent attacks aimed at the US water sector.
Attackers associated with the Iranian government have hacked internet-exposed PLCs, presumably by accessing them using the default password '1111'.
CISA also added the CVE to its known exploited vulnerabilities database.
New DNS spoofing attacks abusing DHCP. Akamai draws attention to a new type of DNS spoofing attacks that leverage Microsoft Dynamic Host Configuration Protocol servers, allowing attackers to access Active Directory Integrated DNS zones without authentication.
One variation of the attack allows adversaries to overwrite existing DNS records.
Vulnerabilities in Edulog parental portal exposed K-12 student information.
Tenable identified several vulnerabilities in Edulog's parent portal that allowed access to sensitive K-12 student information, including names, bus routes, GPS location, parent contact information, and configuration details for school districts, including usernames and passwords.
Palo Alto Networks fixed a high-severity cross-site scripting bug in PAN-OS. Zoom resolved high-severity vulnerabilities in desktop and mobile clients.
Lee, who secured seed funding from DataTribe as an entrepreneur, will remain as the Dragos full-time CEO. Open source tool Swagger Jacker.
Bishop Fox has released a new open source tool named Swagger Jacker, designed to help audit OpenAPI definition files.
The command line tool enables offensive security professionals to identify potential vulnerabilities or misconfigurations in the API routes defined within the definition document.
Bishop Fox has published a blog post describing the tool and the source code is available on GitHub.
New 5th Gen Intel Xeon processors bring increased security.
Intel has launched its 5th Gen Xeon processors, which the company says bring improved performance and increased security.
With these new CPUs, Intel Trust Domain Extensions, which provides increased confidentiality and security at the VM level, will be generally available to all OEM and CSP solution providers.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 15 Dec 2023 15:13:04 +0000


Cyber News related to In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities - The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. Then it - along with several other water utilities - was struck by what federal authorities say are Iranian-backed ...
10 months ago Securityweek.com
Exclusive: Ukraine says joint mission with US derailed Moscow's cyberattacks - On a Wednesday afternoon in late September, the head of the cyber division of Ukraine's intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest - specifically how much a joint hunt forward ...
11 months ago Therecord.media
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
7 months ago Securelist.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs - Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. The activity is associated with the ...
10 months ago Securityweek.com
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
5 months ago Securelist.com
Russia Set to Ramp Up Attacks on Ukraine's Allies This Winter - Russia is set to ramp up cyber campaigns targeting Ukraine's allies as kinetic warfare slows this winter, according to a report by Cyjax. Researchers noted that Russia's missile production is struggling to keep pace with its tactical, operational and ...
10 months ago Infosecurity-magazine.com
Water services giant Veolia North America hit by ransomware attack - Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. After detecting the attack, Veolia has ...
9 months ago Bleepingcomputer.com
Ukraine security services involved in hack of Russia's largest private bank - Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, ...
11 months ago Therecord.media
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks - A regulatory agency in Florida that oversees the long-term supply of drinking water confirmed that it responded to a cyberattack over the last week as the top cybersecurity agencies in the U.S. warned of foreign attacks on water utilities. The agency ...
11 months ago Therecord.media
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
5 months ago Securityweek.com
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
5 months ago Packetstormsecurity.com
Ukraine says Russia hacked web cameras to spy on targets in Kyiv - Ukraine's security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine's capital, Kyiv. The cameras were installed on residential ...
10 months ago Therecord.media
Monthly Overview of Global Threats Involving IronNet - At the beginning of each month, we will be releasing blogs that analyze the intersection of geopolitical activity and cyber operations. We will be focusing on the strategies and motivations of Russia, China, Iran, and North Korea that could be a ...
1 year ago Ironnet.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
11 months ago Securityweek.com
Ukrainian hackers disrupt internet providers in Russia-occupied territories - Ukrainian hackers have temporarily disabled internet services in parts of the country's territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service attack ...
11 months ago Therecord.media
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere - Three members of Congress have asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting the nation's top cyberdefense agency to warn other water and sewage-treatment utilities that ...
11 months ago Securityweek.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
10 months ago Bleepingcomputer.com
Cyberattack on Irish Utility Cuts Off Water Supply for Two Days - An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days. The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack ...
10 months ago Packetstormsecurity.com
EU Formalizes Cybersecurity Support For Ukraine - The EU has cemented ties with Ukraine on cybersecurity cooperation, with a new formal agreement designed to improve information sharing and capacity building. Announced today, the agreement formalizes discussions begun in Warsaw during the EU-Ukraine ...
11 months ago Infosecurity-magazine.com
Hackers breach US water facility via exposed Unitronics PLCs - CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could ...
11 months ago Bleepingcomputer.com
Hackers Hijacked Irish Water Facility that Interrupted Supply - Recently, there was a cyberattack on an Irish water utility that resulted in hackers gaining control of the system and disrupting the water supply. Last week, a private group water system in the Erris area was targeted by cybercriminals in a ...
10 months ago Cybersecuritynews.com
Intel out-of-band patch addresses privilege escalation flaw The Register - Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips. The flaw, designated INTEL-SA-00950 and given a CVSS 3.0 score of 8.8 out of 10, affects Intel ...
11 months ago Theregister.com
7 Critical ICS Flaws Unpatched as Critical Infrastructure Attacks Rise - As cyberattacks against critical infrastructure rise, there remains a number of unpatched vulnerabilities in Industrial Control Systems (ICS) that can be exploited. In a recent report from Cybersecurity Ventures, 100 percent of ICS nodes were ...
1 year ago Csoonline.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)