Security News > 2023 > December

Iran-linked cyber thugs have exploited Israeli-made programmable logic controllers used in "Multiple" water systems and other operational technology environments at facilities across the US, according to multiple law enforcement agencies. The gang did not need sophisticated tactics to run this attack: the joint advisory suggests Cyberav3ngers likely broke into US-based water facilities by using default passwords for internet-accessible PLCs. The alert was issued just days after CISA said it was investigating a cyberattack against a Pennsylvania water authority by the IRGC-backed crew, which forced operators to switch a pumping station to manual control.

Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes. Windows Copilot started rolling out to Windows 11 22H2 devices in September and now is enabled by default on systems running Windows 11 23H2. After installing the KB5032288 preview update, the company says the AI-powered digital assistant will be available across multiple displays and will also show up as a thumbnail preview in the Alt+Tab dialog.

Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. The known issue only impacts Outlook for Microsoft 365 users and those in the Current Channel channel using Outlook build 17029.

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. P2Pinfect was discovered in July 2023 by Palo Alto Networks analysts as a new Rust-based worm that targets Redis servers vulnerable to CVE-2022-0543.

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML. Outlook flaw exploitation background.

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.

Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch. The company has numerous well-known customers, including Twitch, Roblox, ZipRecruiter, Roku, GoDaddy, Canva, and X. "Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers," Tipalti told BleepingComputer in a statement.

Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch. The company has numerous well-known customers, including Twitch, Roblox, ZipRecruiter, Roku, GoDaddy, Canva, and X. "Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers," Tipalti told BleepingComputer in a statement.

There's no sugarcoating this news: The Hershey Company has disclosed cyber crooks gobbled up 2,214 people's financial information following a phishing campaign that netted the chocolate maker's data. In a letter sent to affected individuals, Hershey says it recently wrapped up its investigation, and says the thief "May have had access to certain personal information," but adds that there is "No evidence that any information was acquired or misused." [PDF].

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The emails pretend to be from WordPress, warning that a new critical remote code execution flaw in the platform was detected on the admin's site, urging them to download and install a plugin that allegedly addresses the security issue.