22-Aug-23: In Security News Today

Vulnerabilities in TP-Link Tapo L530E Smart Bulb and App Allow Wi-Fi Password Theft

Academic researchers have identified four vulnerabilities in the TP-Link Tapo L530E smart bulb and its accompanying mobile application that can be exploited to obtain the local Wi-Fi network’s password. The most severe vulnerability allows an attacker to impersonate a smart bulb and authenticate to the application, while the second vulnerability exposes a hardcoded, short shared secret. The remaining vulnerabilities allow an attacker to tamper with the authentication process and reuse messages sent by the application.

Ivanti Releases Patch for Critical Vulnerability in Sentry Gateway Technology

Ivanti has released a security patch to address a zero-day vulnerability in its Sentry security gateway product. The vulnerability, tracked as CVE-2023-38035, allows attackers to bypass authentication controls and gain unauthenticated access to sensitive APIs. The flaw has a severity rating of 9.8 out of 10, and organizations are advised to restrict access to the administrator portal and apply the security patch immediately.

Ransomware Group Leaks Data from Seiko Watchmaking Giant

The BlackCat/ALPHV ransomware group has claimed responsibility for a data breach at Seiko, a Japanese watchmaking company. The cybercriminals have started leaking stolen files, including employee information, production technology details, and confidential documents. The group is threatening to sell or leak more information if its demands are not met.

Chinese APT Targets Hong Kong in Supply Chain Attack

A China-backed advanced persistent threat (APT) group known as Carderbee has targeted organizations in Hong Kong in a supply chain attack. The group used a compromised version of Cobra DocGuard, legitimate software produced by Chinese firm EsafeNet, to gain access to victims’ networks. The attackers deployed the PlugX/Korplug backdoor, which was signed with a Microsoft certificate, making it more difficult for security software to detect.

CISA Warns of Exploited Adobe ColdFusion Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an Adobe ColdFusion vulnerability, CVE-2023-26359, that has been exploited in attacks. The vulnerability, which was patched in March, is described as a critical data deserialization issue that allows for arbitrary code execution. CISA has instructed government organizations to address the vulnerability by September 11, as part of efforts to reduce the risk posed by known exploited vulnerabilities.

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, cataloged as CVE-2023-26359, is a deserialization flaw that could result in arbitrary code execution without user interaction. The flaw was patched by Adobe in March 2023, but it is unclear how it is being exploited in the wild.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.