Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.

https://www.securityweek.com/mitre-updates-cwe-top-25-most-dangerous-software-weaknesses/

CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog, and they have all likely been exploited by a commercial spyware vendor.

CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. The six remaining security holes impact Samsung mobile devices and they were all patched by the technology giant in 2021.

The vulnerabilities include CVE-2021-25487, an out-of-bounds read in the modem interface driver that can lead to arbitrary code execution, fixed in October 2021. Samsung has classified the bug as ‘moderate’, but its NVD advisory says it’s ‘high severity’ based on CVSS score.

Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites.
https://www.securityweek.com/200000-wordpress-sites-exposed-to-attacks-exploiting-flaw-in-ultimate-member-plugin/

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023.

USB drive infects hospital’s systems

Check Point provides an in-depth analysis of malware attributed to China-based espionage group Camaro Dragon that infected an European healthcare institution after an employee participated in a conference in Asia. The malware self-propagates through USB drives and landed on the healthcare organization’s systems after the employee’s drive was accidentally infected during the conference.

Political agreement reached on EU cybersecurity regulation

A political agreement has been reached between the European Parliament and the Council of the EU regarding proposed cybersecurity rules whose goal is to boost security in EU institutions, bodies, offices and agencies.

The DDoSia project by pro-Russian hackers has seen significant growth this year as attackers continue to use the technology against countries critical of Russia’s invasion of Ukraine.

DDoSia is a distributed denial-of-service attack toolkit developed and used by the pro-Russia hacktivist group NoName057(16).

The group and its followers are actively deploying the tool against government agencies, media, and private companies in Lithuania, Ukraine, Poland, Italy, and other European countries, according to a report released by cybersecurity company Sekoia this week.

Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.

TSMC is one of the world’s largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics.