IEEE Cipher --- Items from security-related news (E186)
  • CyberSec EOs Skirt the Issue
    The Cybersecurity Patchwork Quilt Remains Incomplete
    Trump's first executive order on cybersecurity embraced more Biden initiatives than it overturned, but still misses the mark - accountability.
    Publisher: Lawfare
    Date: July 16, 2025
    By: Jim Dempsey

    Summary:
    Back in March we mentioned the uncertainty about the fate of Biden's executive order on software security. This article is an in-depth analysis of Trump's recent executive order on the same topic. It is notable that neither order requires software producers to guarantee the security of their products; instead, producers attest to the integrity of their development processes.


  • Singing the Bluetooth Blues

    Cars have become systems of systems, and each new system has its own growing pains when it comes to security. In this case, the infotainment system gave attackers unrestricted entry over a Bluetooth connection.

    Bluetooth Hack Exposes Millions of Cars to Remote Risk
    Bluetooth hack exposes millions of vehicles from Mercedes, VW, and Skoda to remote attacks. Here’s what drivers must know and how to protect themselves.
    Publisher: Testmiles
    Date: July 11, 2025
    By: nik

    Summary:
    Hacking car computer systems may seem laughably out of date in a world only a few steps away from self-driving vehicles. Surely they have security worked out by now? But it doesn't get much worse than PerfektBlue: "Researchers demonstrated remote code execution on production vehicles using only a Bluetooth connection: no cables, no ports, no physical access required." Four separate vulnerabilities were chained to gain deep access to the car's data and potentially to its driving controls. "If your car runs on BlueSDK and hasn't been patched since September 2024, it's potentially exposed." BlueSDK is the basis for some automotive infotainment systems.


    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda
    Publisher: Security Affairs
    Date: July 10, 2025
    By: Pierluigi Paganini

    Summary:
    Researchers at PCA Cyber Security (formerly PCAutomotive) identified four security flaws in 2024 in OpenSynergy's BlueSDK, a Bluetooth stack widely used in automotive infotainment systems. One of the vulnerabilities was rated "critical", and the PCA team withheld details until recently, after consulting with the vendor about the availability of patches. This article gives brief descriptions of the vulnerabilities and links to their CVE entries. At the time of writing, however, CVE.org provides no further information about the critical flaw beyond its title, "Use-After-Free in AVRCP service".


  • GRU Moves Into the Cyber Era
    Profile: GRU cyber and hybrid threat operations
    Policy paper
    Publisher: GOV.UK
    Date: 18 July 2025

    Summary:
    The UK Ministry of Defence has released a report on the operations of the Russian GRU. "The UK is concerned that the GRU has used Ukraine as a testing ground for the development of a range of cyber capabilities, integrated into its military doctrine, since 2014 onwards." For example, email hacking was used as part of the 2018 plot to poison Sergei and Yulia Skripal in the UK. The report covers the actions of various GRU units, particularly Unit 29155, "also known as the 161st Specialist Training Center (TsPS), which has a cyber wing known in open source as Cadet Blizzard."


  • Rowhammer Slams Into GPUs
    GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

    Publisher: The Hacker News
    Date: Jul 12, 2025
    By: Ravie Lakshmanan

    Summary:
    GPUs are the workhorses of artificial intelligence and many other applications today, but their memory inherits a hardware weakness well known from ordinary DRAM, making them vulnerable to some long-established attacks. Researchers have demonstrated that RowHammer attacks are feasible on multi-tenant GPUs. "The most concerning consequence of this behavior, University of Toronto researchers found, is the degradation of an artificial intelligence (AI) model's accuracy from 80% to less than 1%." NVIDIA recommends enabling the GPU's error-correcting code (ECC) option to protect the integrity of computations. Doing so slows computation by several percent and reserves part of the memory for check bits, which may change the cost of doing AI business.
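    The mitigation above is only effective once ECC is actually active, and on NVIDIA boards a newly enabled setting stays "Pending" until the GPU is reset or the host rebooted. The script below is an added example (not from the article or from NVIDIA) that reads `nvidia-smi -q -d ECC` and reports, per GPU, whether ECC is active, merely pending, disabled, or unsupported. It falls back to a constructed sample in nvidia-smi's "ECC Mode / Current / Pending" layout when no GPU is present; the surrounding fields in real output vary by driver version.

```python
"""Verify ECC is active on each NVIDIA GPU (added example; sample output is constructed)."""
import re
import subprocess
from typing import Dict, Optional

# Constructed sample in the layout nvidia-smi uses for `-q -d ECC`.
# GPU 0 has ECC turned on but not yet active (needs a reset); GPU 1 is fully protected.
SAMPLE_OUTPUT = """\
==============NVSMI LOG==============

Attached GPUs                             : 2
GPU 00000000:01:00.0
    Product Name                          : NVIDIA RTX A6000
    ECC Mode
        Current                           : Disabled
        Pending                           : Enabled

GPU 00000000:41:00.0
    Product Name                          : NVIDIA RTX A6000
    ECC Mode
        Current                           : Enabled
        Pending                           : Enabled
"""

GPU_HEADER = re.compile(r"^GPU\s+(\S+)\s*$")
ECC_KV = re.compile(r"^\s*(Current|Pending)\s*:\s*(\S+)\s*$")


def parse_ecc(text: str) -> Dict[str, Dict[str, str]]:
    """Map each GPU bus id to its ECC Mode block, e.g. {"current": "Enabled", "pending": "Enabled"}."""
    gpus: Dict[str, Dict[str, str]] = {}
    gpu: Optional[str] = None
    in_mode_block = False
    for line in text.splitlines():
        header = GPU_HEADER.match(line)
        if header:
            gpu = header.group(1)
            gpus[gpu] = {}
            in_mode_block = False
            continue
        if gpu is None:
            continue
        stripped = line.strip()
        indent = len(line) - len(line.lstrip(" "))
        if stripped == "ECC Mode":
            in_mode_block = True
            continue
        if not in_mode_block or not stripped:
            continue
        kv = ECC_KV.match(line)
        if kv:
            gpus[gpu][kv.group(1).lower()] = kv.group(2)
        elif indent <= 4:
            in_mode_block = False  # a sibling section such as "ECC Errors" ends the sub-block
    return gpus


def ecc_status(gpus: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Per-GPU verdict: ok, pending-reset, disabled, or unsupported."""
    verdicts: Dict[str, str] = {}
    for gpu, mode in gpus.items():
        current = mode.get("current", "Unknown")
        pending = mode.get("pending", "Unknown")
        if current == "N/A":
            verdicts[gpu] = "unsupported"      # consumer parts report N/A
        elif current == "Enabled":
            verdicts[gpu] = "ok"
        elif pending == "Enabled":
            verdicts[gpu] = "pending-reset"    # `nvidia-smi -e 1` was run, GPU not yet reset
        else:
            verdicts[gpu] = "disabled"
    return verdicts


def read_nvidia_smi() -> Optional[str]:
    """Return live nvidia-smi output, or None when the tool or a GPU is absent."""
    try:
        proc = subprocess.run(["nvidia-smi", "-q", "-d", "ECC"],
                              capture_output=True, text=True, check=True)
        return proc.stdout
    except (OSError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    text = read_nvidia_smi() or SAMPLE_OUTPUT
    for gpu_id, verdict in ecc_status(parse_ecc(text)).items():
        print(f"{gpu_id}: {verdict}")
```

    A "pending-reset" verdict means the operator ran `nvidia-smi -e 1` but the GPU is still computing without ECC; it is the case most often missed when an ECC policy is checked only by looking at the configured setting.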


  • No Password for Old Men
    Weak password allowed hackers to sink a 158-year-old company

    Publisher: The BBC
    Date: Jul 21, 2025
    By: Richard Bilton

    Summary:
    The British transport company KNP had been in business for 158 years, but modern technology and one small mistake led to its demise. At least one employee account had a weak password; attackers guessed it and used that access to launch a ransomware attack. The ransom demand was exorbitant, and the company lost all its data. Although it carried insurance against cyberattacks, it was no longer able to operate.

    The UK faces an increasing number of disruptive ransomware attacks by organized crime; the average demand is about 4 million pounds. One proposal for dealing with the crime wave would bar public-sector bodies and operators of critical national infrastructure from paying ransoms.


  • OverSharing

    A zero-day RCE exploit against Microsoft's on-premises SharePoint servers has dominated the security news cycle for several days. The underlying flaw was demonstrated at a hacking competition last May and patched, but Chinese hacking groups bypassed that patch with little difficulty. Some hundreds of servers have been compromised. Updated patches are available, but ransomware is still spreading on servers that have not applied them.

    Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

    Publisher: The Hacker News
    Date: Jul 20, 2025
    By: Ravie Lakshmanan

    Summary:
    Microsoft released an advisory on July 19, 2025 about a severe security problem in its SharePoint Server: "[D]eserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network." Because the deserialization happens before authentication, the attacker's payload runs without any credentials, giving unfettered access to data. The exploit point is the HTTP Referer header "provided to the ToolPane endpoint."


    Eye Security Detects Large-Scale Exploitation of Critical Microsoft SharePoint Vulnerability

    Publisher: Eye Security
    Date: July 20, 2025

    Summary:
    Researchers were investigating "unusual activity" on a SharePoint server when they discovered something seriously awry: "... a malicious file had been uploaded, enabling exfiltration of cryptographic keys. These keys can be abused to bypass authentication and maintain persistent access to SharePoint environments, even after standard patching. During the triage, Eye Security learned it had stumbled upon a SharePoint 0-day used in the wild." The practical consequence is that applying the patch is not by itself enough: the stolen ASP.NET machine keys must also be rotated, or an attacker holding them can keep forging valid requests. This has impacted hundreds of systems.


    Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

    Publisher: Bleeping Computer
    Date: July 20, 2025
    By: Lawrence Abrams

    Summary:
    This article has more details about how the Remote Code Execution attack works, how to detect its activity, and which patches to apply.
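    The two summaries above describe the exploit as an unauthenticated POST to the ToolPane endpoint whose HTTP Referer header is what unlocks it, and point to detection guidance. The script below is an added example, not code from any of the articles or from Microsoft, that scans IIS W3C extended logs for that pattern. It raises a high-severity hit when the Referer names the SharePoint sign-out page (that specific value comes from public reporting on this incident rather than from the page, so treat SUSPICIOUS_REFERER_PATHS as an assumption you may need to adjust) and a medium-severity hit when an anonymous POST to ToolPane succeeds at all, since that endpoint normally requires an authenticated editor. The log lines are constructed.

```python
"""Flag ToolPane/Referer exploit attempts in IIS W3C logs (added example; log lines constructed)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional
from urllib.parse import urlparse

TOOLPANE_SUFFIX = "/toolpane.aspx"
# Assumption taken from public write-ups of this incident, not from the summarized articles:
# the exploit presents the sign-out page as Referer to reach ToolPane without authenticating.
SUSPICIOUS_REFERER_PATHS = ("/_layouts/signout.aspx", "/_layouts/15/signout.aspx")

# Constructed IIS W3C log: a legitimate page edit by alice, then three anonymous attempts.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2025-07-18 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-18 09:00:01 10.0.0.5 GET /SitePages/Home.aspx - 443 CORP\\alice 10.0.0.77 Mozilla/5.0 - 200 0 0 35
2025-07-18 09:00:07 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\alice 10.0.0.77 Mozilla/5.0 https://sp.example.test/SitePages/Home.aspx 200 0 0 80
2025-07-18 09:04:12 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 203.0.113.10 Mozilla/5.0 https://sp.example.test/_layouts/SignOut.aspx 200 0 0 412
2025-07-18 09:04:13 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 198.51.100.8 python-requests/2.31 - 200 0 0 390
2025-07-18 09:04:14 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 198.51.100.9 curl/8.0 - 401 1 0 5
"""


@dataclass
class Hit:
    time: str
    client: str
    username: str
    uri: str
    referer: str
    status: str
    severity: str
    reason: str


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names in the most recent #Fields header."""
    fields: Optional[List[str]] = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            continue  # data before any #Fields header cannot be interpreted
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign columns
        yield dict(zip(fields, values))


def referer_path(referer: str) -> str:
    """Lower-cased URL path of the Referer, or '' when IIS logged '-'."""
    return "" if referer == "-" else urlparse(referer).path.lower()


def classify(rec: Dict[str, str]) -> Optional[Hit]:
    """Return a Hit for a suspicious ToolPane POST, else None."""
    stem = rec.get("cs-uri-stem", "-").lower()
    if rec.get("cs-method", "-").upper() != "POST" or not stem.endswith(TOOLPANE_SUFFIX):
        return None
    referer = rec.get("cs(Referer)", "-")
    username = rec.get("cs-username", "-")
    status = rec.get("sc-status", "-")
    common = dict(time=f"{rec.get('date', '')} {rec.get('time', '')}",
                  client=rec.get("c-ip", "-"), username=username,
                  uri=stem, referer=referer, status=status)
    if referer_path(referer) in SUSPICIOUS_REFERER_PATHS:
        return Hit(**common, severity="high",
                   reason="POST to ToolPane with the sign-out page as Referer")
    if username == "-" and status.startswith("2"):
        return Hit(**common, severity="medium",
                   reason="anonymous POST to ToolPane succeeded")
    return None  # authenticated editor traffic, or an attempt the server rejected


def scan(lines: Iterable[str]) -> List[Hit]:
    return [hit for hit in (classify(rec) for rec in parse_w3c(lines)) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit.severity:6} {hit.time} {hit.client:15} {hit.status} {hit.reason}")
```

    Run it as `python scan.py < u_ex250718.log` style input by replacing SAMPLE_LOG with the file's lines. The medium rule is deliberately broad: a 200 to an anonymous ToolPane POST is wrong regardless of which Referer trick produced it, so the detector still fires if a variant changes the header value.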


    Microsoft knew of SharePoint server exploit but failed to effectively patch it
    Publisher: Reuters
    Date: July 22, 2025
    By: James Pearson

    Summary:
    Microsoft appears to have stumbled in its efforts to patch a SharePoint server vulnerability. "The vulnerability opening the way for the attack was first identified in May at a Berlin hacking competition organised by cybersecurity firm Trend Micro (4704.T) that offered cash bounties for finding computer bugs in popular software." Although Microsoft issued patches on July 8, attackers bypassed them and mounted active attacks ten days later. The attacks have been attributed to Chinese hackers.


    Chinese Hackers Are Exploiting Flaws in Widely Used Software, Microsoft Says

    Publisher:
    Date: July 23, 2025
    By: Vivian Wang

    Summary:
    Microsoft said that the Chinese hacking groups Linen Typhoon and Violet Typhoon were actively exploiting unpatched SharePoint servers. The company has tracked the groups for several years and identified many of their targets. The cybersecurity firm Eye Security said that its investigations showed that about 6% of SharePoint servers worldwide had been infected.


    Microsoft server hack has now hit 400 victims, researchers say

    Publisher: Reuters
    Date: July 23, 2025

    Summary:
    Microsoft announced that a hacker group known as "Storm-2603" has used the SharePoint vulnerability for launching ransomware attacks.


    Alert: UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
    Publisher: CISA
    Date: July 24, 2025