December 15, 2023 at 09:54AM
SecurityWeek’s weekly cybersecurity roundup offers a concise compilation of notable stories, covering topics like Chinese APT hacking, Ukraine’s server destruction, cryptocurrency theft, ransomware gang arrests, vulnerabilities, and software patches. It also highlights industry news such as Dragos CEO joining DataTribe and the launch of 5th Gen Intel Xeon processors with increased security features.
Here are the key takeaways from this week’s cybersecurity roundup:
1. Chinese APT Hacks US Critical Entities: Chinese state-sponsored hackers breached systems of two dozen critical entities in the US as part of efforts to impede US response to potential conflict in Taiwan.
2. Ukraine Destroys Russia’s Tax Agency Servers: Ukraine’s GUR claims to have wiped over 2,300 servers belonging to Russia’s federal tax service, erasing databases and preventing regional servers from connecting to FNS.
3. SIM Swapper Sentenced: Daniel Akira Mills was sentenced to 24 months in prison for using SIM swapping to steal over $600,000 in cryptocurrency.
4. Hive Ransomware Gang Member Arrested: French police arrested a suspected member of the Hive ransomware gang and discovered a significant amount of cryptocurrency in his possession.
5. CISA Assigns CVE to Unitronics Vulnerability: CISA has assigned the CVE identifier CVE-2023-6448 to the Unitronics Vision PLC insecure default password vulnerability.
6. New DNS Spoofing Attacks: Akamai highlights new DNS spoofing attacks abusing Microsoft Dynamic Host Configuration Protocol (DHCP) servers, allowing attackers to overwrite existing DNS records.
7. Edulog Parent Portal Vulnerabilities: Tenable identified vulnerabilities in Edulog’s parent portal that exposed sensitive K-12 student information.
8. Patches Released by Fortinet, Zoom, Palo Alto Networks, and Ivanti: Various high-severity flaws have been patched in products from Fortinet, Zoom, Palo Alto Networks, and Ivanti.
9. Dragos CEO Joins DataTribe: Robert Lee, CEO of Dragos, has joined venture capital firm DataTribe as a venture partner.
10. Open Source Tool Swagger Jacker: Bishop Fox released an open source tool named Swagger Jacker to audit OpenAPI definition files for potential vulnerabilities or misconfigurations.
11. New 5th Gen Intel Xeon Processors: Intel has launched its 5th Gen Xeon processors, bringing improved performance and increased security features.
These stories provide insight into recent cyber threats, vulnerabilities, and industry developments.