Advantech WiFi flaws, T-Mobile block attack, UK hospital cyberattack
In today’s cybersecurity news…
Patch alert after flaws identified in Advantech industrial Wi-Fi access points
Twenty security vulnerabilities have been identified in Advantech EKI industrial-grade wireless access point devices. According to cybersecurity company Nozomi Networks, some of these could be weaponized to bypass authentication and execute code with elevated privileges. Six of these vulnerabilities have been deemed critical, with a CVSS score of 9.8, “allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.”
T-Mobile confirms Salt Typhoon attack was blocked
T-Mobile was one of the U.S.-based telecommunications companies recently targeted by the Salt Typhoon cyberespionage campaign. Its Chief Security Officer, Jeff Simon, “on Wednesday shared additional information in an attempt to clear up what the company described as misleading media reports.” He stated that the company’s defenses managed to protect sensitive customer information and prevented any service disruptions. It was also revealed that the attack originated from a wireline provider’s network connected to T-Mobile’s own network, which was quickly cut off.
UK hospital network postpones procedures after cyberattack
Wirral University Teaching Hospital (WUTH) is a public healthcare organization in the United Kingdom that operates four hospitals. The attack on its systems was disclosed on Monday, and the disruptions are ongoing. The damage was being described as huge, and this has resulted in the rescheduling of procedures and requests for patients to only visit their emergency rooms for the most pressing of emergencies. No group has yet claimed responsibility, and no time to restoration has been announced.
Hoboken, New Jersey suffers cyberattack
The attack occurred on Wednesday and has resulted in the shuttering of City Hall, along with many other services including municipal court and street sweeping. Parking enforcement, waste collection and recreational programs will still take place, the city said. No ransomware gang has yet taken credit for the attack.
Microsoft fixes vulnerability in three major areas
Microsoft has patched vulnerabilities in Azure, Copilot Studio, and its Partner Network website, but no action is required of customers. Each of the vulnerabilities has been described as a privilege escalation issue. Its Partner Network website, specifically the ‘partner.microsoft.com’ domain, contained a “high-severity improper access control vulnerability that allowed an unauthenticated attacker to elevate privileges over a network.” This vulnerability has been marked as ‘exploited’ but Microsoft would not share additional information.
European police decrypt Albanian drug smugglers’ encrypted communications, arrests made
European police say they have “disrupted a major Albanian drug smuggling gang after decrypting and analyzing private communications between the group and corrupt officials.” This is thanks to their access to SKY ECC, a Canadian-made encrypted chat platform that works with various handsets including iPhones, and which has been a favorite of the criminal underworld. Europol revealed that Albanian and Italian authorities have arrested 21 people, including a former judge, a lawyer, a police officer and two investigative journalists, as part of a major corruption investigation.
Researchers warn of critical flaw in ProjectSend open-source file-sharing application
Researchers at VulnCheck state that a vulnerability with a CVSS score of 9.8 appears to have been exploited by attackers in the wild. The vulnerability is an improper authentication issue that impacts ProjectSend versions before r1720, allowing attackers to create accounts, upload webshells, and embed malicious JavaScript. ProjectSend is an open-source file-sharing web application. “VulnCheck experts believe that threat actors started using the exploit code released by Project Discovery and Rapid7 since September 2024.”
UK government failing to list use of AI on mandatory register
Branches of the British government and civil service have been less than forthcoming about their use of artificial intelligence systems, even though required to do so by government. AI is allegedly being used by government to “inform decisions on everything from benefit payments to immigration enforcement, and records show public bodies have awarded dozens of contracts for AI and algorithmic services.” This despite the government announcing in February this year that the use of the AI register would now be “a requirement for all government departments.” The British Home Office declined to comment.