SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Details disclosed for unauthenticated RCE vulnerability in IBM i DDM
Silent Signal has disclosed the technical details of CVE-2023-30990, a vulnerability in IBM i’s distributed data management (DDM) service, which allows an unauthenticated, remote attacker to execute arbitrary code. IBM has patched the flaw.
Details disclosed for Siemens vulnerabilities that could threaten power grids
SEC Consult has published a technical advisory for several vulnerabilities affecting Siemens’ Sicam A8000 remote terminal units (RTUs), including a critical flaw that could allow malicious hackers to destabilize a power grid.
Vulnerability in Medtronic cardiac device data management product
CISA and healthcare technology firm Medtronic have informed users about the existence of a critical vulnerability affecting Medtronic’s Paceart Optima cardiac device data management product. Exploitation can lead to DoS attacks or remote code execution. The vendor has released a patch and there is no evidence of exploitation in the wild.
ImmuniWeb adds email security test to its free product
Web security firm ImmuniWeb has added email security testing to its free product, which also includes cloud security, mobile app security, dark web exposure, SSL security, and website security testing.
Tool for sending phishing messages to Teams users
A member of the US Navy’s Red Team has released an open source tool named TeamsPhisher that allows users to bypass security features and deliver phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. Microsoft does not seem too concerned, pointing out that social engineering is involved.
Chinese APT targeting European government entities
Check Point has a report on a campaign dubbed SmugX. The campaign is the work of a Chinese threat actor targeting foreign and domestic policy-focused government entities in Europe. The attackers have exploited HTML smuggling to deliver malware.
Silentbob’s cloud attack delivering cryptominer
Cloud security firm Aqua Security has detailed a campaign it has linked to TeamTNT, a threat group known for targeting cloud and container environments to deploy cryptocurrency miners. The campaign is in its early stages, with infrastructure being prepared for a worm-like expansion across misconfigured Docker APIs and JupyterLab instances.
Malicious NPM packages used in supply chain and phishing attacks
ReversingLabs has discovered over a dozen malicious packages in the NPM repository, which were used to power both phishing attacks and software supply chain compromises. Some of the packages supported the harvesting of Microsoft credentials, while others would implant credential harvesting scripts in software. Mimicking legitimate NPM modules, the malicious packages were published between May 11 and June 13.
AI-generated books flood Amazon
A flurry of AI-generated ebooks flooded Amazon, taking the spotlight to the detriment of real, legit books. Described as ‘nonsensical and incoherent’, these books could potentially facilitate click-farming, generating illicit revenue (Amazon Kindle Unlimited pays authors by the number of pages read), and also raise concerns about quality control and authenticity.