
In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets

Noteworthy stories that might have slipped under the radar: CISA hacked via Ivanti vulnerabilities, Chinese electronic lock backdoors, secrets exposed on GitHub.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:   

CISA hacked via Ivanti vulnerabilities

The US cybersecurity agency CISA took two of its systems offline last month after discovering that they had been compromised through the exploitation of vulnerabilities in Ivanti products, The Record reported. The impacted devices were reportedly associated with systems that house critical chemical sector information. It is unclear whether the attackers specifically targeted CISA’s Ivanti devices, and whether any information was compromised.

Microsoft Configuration Manager attack techniques disclosed 

Researchers at SpecterOps have identified 22 new techniques for attacking Microsoft Configuration Manager, formerly System Center Configuration Manager, or using it post-exploitation. They found that the Configuration Manager is an easy target that offers many ways for an attacker to move laterally or escalate privileges, enabling them to deploy malware or steal sensitive information.


Tuta emails protected with quantum-safe encryption 

Privacy-focused email service Tuta announced TutaCrypt, a post-quantum encryption protocol. This hybrid protocol combines quantum-safe algorithms with traditional algorithms. The move allegedly makes Tuta the first provider that can protect emails from quantum computer attacks. 

Russian independent news site Meduza hit by intense cyberattacks

Meduza, the independent news website focusing on Russia, has been hit by what it described as “the most intense cyberattack campaign in its history”. The site is regularly targeted in cyberattacks, but the attacks intensified around the time of Alexey Navalny’s death. The organization has been targeted with DDoS attacks and the Russian government has been getting better at identifying and shutting down mirror servers. 

Zoom, Palo Alto Networks and Mitel patches

Zoom released two new advisories this week, including one describing a high-severity improper access control flaw that can be used for DoS attacks.

Palo Alto Networks released three new advisories, describing medium-severity issues that can be exploited to cause disruption, escalate privileges, or disable protection. 

Mitel has patched a critical vulnerability in InAttend and CMG that could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands. 

US lawmaker concerned about Chinese electronic lock backdoors

US Senator Ron Wyden has raised concerns over the potential risks associated with electronic locks made by Chinese companies. Specifically, the lawmaker pointed out that electronic locks such as the ones used for safes can be unlocked using special ‘manufacturer’ or ‘management’ reset codes. These backdoor codes are mainly present in consumer products that are not approved for use by the government, but Wyden is concerned that the codes are a “juicy target for hacking or espionage” and they could allow foreign adversaries to steal sensitive information stored by US businesses in safes, including intellectual property and trade secrets.   

12 million secrets detected on GitHub in 2023

GitGuardian detected more than 12 million new secrets in public GitHub commits in 2023 — the number has increased four times over the past four years. Secrets such as credentials, tokens, and keys were found in 8 million commits. The company reported finding over one million occurrences of Google API secrets, 250,000 Google Cloud secrets, and 140,000 AWS secrets.

BlackBerry sees one million attacks on global financial sector in 120 days

BlackBerry’s new Global Threat Intelligence report reveals that the company saw one million attacks aimed at the global financial sector over a period of 120 days. The company also saw a 27% increase in novel malware, and found that 62% of industry-related attacks were aimed at critical infrastructure.

CISA SCuBA hybrid identity solutions guidance

CISA has published new guidance (PDF) to help organizations make better decisions when implementing identity management capabilities. The document was released as part of CISA’s Secure Cloud Business Application (SCuBA) project, which aims to help governmental agencies and public entities effectively implement cybersecurity when migrating to the cloud.


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
