Tag Archive for: Newly

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform are showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as a zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
This is the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said. 
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs,…

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data


Jun 29, 2023 · Ravie Lakshmanan · Cyber Threat / Hacking

A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts.

Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name “CMK Правила оформления больничных листов.pdf.exe,” which translates to “CMK Rules for issuing sick leaves.pdf.exe.”

The arrival vector for the malware is presently unknown, although the nature of the lure points to it being used in a phishing campaign. The very first ThirdEye sample was uploaded to VirusTotal on April 4, 2023, with relatively few features.

The evolving stealer, like other malware families of its kind, is equipped to gather system metadata, including BIOS release date and vendor, total/free disk space on the C drive, currently running processes, registered usernames, and volume information. The amassed details are then transmitted to a command-and-control (C2) server.

A notable trait of the malware is that it uses the string “3rd_eye” to beacon its presence to the C2 server.

There are no signs to suggest that ThirdEye has been utilized in the wild. That said, given that a majority of the stealer artifacts were uploaded to VirusTotal from Russia, it’s likely that the malicious activity is aimed at Russian-speaking organizations.

“While this malware is not considered sophisticated, it’s designed to steal various information from compromised machines that can be used as stepping-stones for future attacks,” Fortinet researchers said, adding the collected data is “valuable for understanding and narrowing down potential targets.”

The development comes as trojanized installers for the popular Super Mario Bros video game franchise hosted on sketchy torrent sites are being used to propagate cryptocurrency miners and an open-source stealer written in C# called Umbral that exfiltrates data of interest using Discord Webhooks.

“The combination of mining and stealing activities leads to financial losses, a substantial decline in the victim’s system performance, and…

A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine


Finally, the Russia-based ransomware gang Clop went on a hacking spree that hit US government agencies and international companies including Shell and British Airways. Clop hackers carried out their cybercriminal campaign by exploiting a vulnerability in the file-transfer service MOVEit. The flaw has since been patched, but the full extent of the stolen data and list of targets remains unclear.

But that’s not all. Each week, we round up the biggest security and privacy stories we weren’t able to cover in depth ourselves. Click on the headlines to read the full stories, and stay safe out there.

As Russia has carried out its unprecedented cyberwar in Ukraine over nearly a decade, its GRU military intelligence hackers have taken center stage. The notorious GRU hacker groups Sandworm and APT28 have triggered blackouts, launched countless destructive cyberattacks, released the NotPetya malware, and even attempted to spoof results in Ukraine’s 2014 presidential election. Now, according to Microsoft, there’s a new addition to that hyper-aggressive agency’s cyberwar-focused bench.

Microsoft this week named a new group of GRU hackers that it’s calling Cadet Blizzard, and has been tracking since just before Russia’s full-scale invasion of Ukraine in February 2022. Redmond’s cybersecurity analysts now blame Cadet Blizzard for the destructive malware known as WhisperGate, which hit an array of government agencies, nonprofits, IT organizations, and emergency services in Ukraine in January 2022, just a month before Russia’s invasion began. Microsoft also attributes to Cadet Blizzard a series of web defacements and a hack-and-leak operation known as Free Civilian that dumped the data of several Ukrainian hacking victim organizations online while loosely impersonating hacktivists, another of the GRU’s trademarks.

Microsoft assesses that Cadet Blizzard appears to have the help of at least one private sector Russian firm in its hacking campaign but that it’s neither as prolific nor as sophisticated as previously known GRU groups plaguing Ukraine. But as Russia has switched up the tempo of its cyberwar, focusing on quantity rather than quality of attacks, Cadet Blizzard may play a key…

Ransomware research reveals 12 vulnerabilities newly associated with ransomware in Q1 2023


ALBUQUERQUE, N.M. — Ransomware attacks are rising, with attackers targeting over 7,000 products across 121 vendors used by enterprises for their operations. In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims.

The latest joint Ransomware Index Report has identified 12 vulnerabilities newly associated with ransomware in Q1 2023. The report provides an update on key metrics that are being tracked in relation to ransomware, providing valuable insights to enterprises on how to safeguard their data and assets from these escalating threats.

The top five takeaways from this report include:

  1. In Q1 2023, 12 new vulnerabilities have become associated with ransomware. 73% of these vulnerabilities were trending on the internet and the deep and dark web in the past quarter. With this increase, 7,444 products and 121 vendors are now vulnerable to ransomware attacks, of which Microsoft leads the pack with 135 ransomware-associated vulnerabilities.
  2. The complete MITRE ATT&CK kill chain is present in 59 vulnerabilities; two vulnerabilities are brand new. Vulnerabilities with a MITRE ATT&CK kill chain allow attackers to exploit them from end-to-end (initial access to exfiltration), making them extremely dangerous. However, popular scanners are currently failing to detect three of these vulnerabilities.
  3. Popular scanners do not detect 18 vulnerabilities associated with ransomware, exposing enterprises to significant risks.
  4. Open-source vulnerabilities have increased, with 119 ransomware-associated vulnerabilities now present in multiple vendors and products. This is an extremely pressing concern since open-source code is used widely in many tools.
  5. Two APT groups have newly begun using ransomware as a weapon of choice, including DEV-0569 and Karakurt, bringing the overall number of APT groups capitalizing on ransomware to 52.

Commenting on the key takeaways, Aaron Sandeen, CEO and Co-founder of Securin, said, “We keep hearing from our customers across all industries how mitigating…