Cyber security week in review: August 19, 2022


Apple, Google release security updates to fix zero-days in Chrome, iOS, macOS

Apple has issued security updates to address two zero-day vulnerabilities, which the tech giant says may have been exploited in the wild. Both zero-days are described as out-of-bounds write issues, and both allow arbitrary code execution.

Google has rolled out the Chrome 104 security update to fix over 10 security vulnerabilities, including a zero-day flaw being actively exploited in cyberattacks. Tracked as CVE-2022-2856, the vulnerability could be exploited by a remote attacker for arbitrary code execution.

Neither Apple nor Google provided technical details of the attacks that exploited the above-mentioned zero-day vulnerabilities.

Russia-linked Gamaredon continues to target Ukrainian orgs with info-stealers

A Russia-linked hacker group known as Gamaredon (Armageddon or Shuckworm) is continuing to attack organizations in Ukraine with info-stealing malware. The ongoing cyber campaign is said to be an extension of the attacks detailed by Ukraine’s computer emergency response team in July 2022.

The observed campaign involved phishing attacks against Ukrainian entities that delivered information-stealing malware onto the victims' machines.

Disk-wiping malware attacks spill beyond Ukraine to 24 countries

The war in Ukraine prompted a substantial increase in disk-wiping malware among threat actors primarily targeting critical infrastructure, according to a new Fortinet report. The researchers discovered at least seven new variants of wiper malware in the first six months of 2022 that were used in attacks against government, military, and private organizations. Fortinet notes that it spotted wipers in 24 countries besides Ukraine.

The report also notes that in the past six months the number of new ransomware variants has risen by nearly 100%, which can be attributed to the increasing popularity of Ransomware-as-a-Service models on the dark web.

Microsoft disrupts Russian espionage hacker group targeting NATO countries and Ukraine

Microsoft said it disrupted a hacking and social engineering operation associated with a Russia-linked cyber espionage group identified as Seaborgium that targets individuals and organizations in NATO countries.

The group's targets include defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education institutions. Seaborgium's modus operandi involves creating online personas via email, social media accounts and LinkedIn profiles that are used in social engineering schemes targeting individuals or organizations of interest.

Ransomware gang targets UK water supplier but sends ransom demand to the wrong company

South Staffordshire, a UK drinking water utility that provides water to 1.6 million customers daily, has suffered a ransomware attack that disrupted its corporate IT systems but did not affect the company's ability to supply drinking water.

The Cl0p ransomware gang claimed the breach in a post on its data leak website, although the ransomware operators initially and mistakenly named Thames Water, one of the UK's largest drinking water utilities, as their victim. After the news broke, the gang quickly corrected the error and named South Staffordshire as the actual victim.

The LockBit ransomware gang claims responsibility for June attack on digital security giant Entrust

US-based digital security giant Entrust revealed in June that it was hit by a cyberattack which led to the theft of corporate data from the company's systems. At the time, Entrust did not disclose the nature of the attack, but some security researchers suggested it was a ransomware incident.

Now, it appears that the LockBit ransomware group may be responsible for the hack. The group has created a dedicated data leak page for Entrust on its website, announcing that it would publish the stolen data on the night of August 19.

Zero Day Initiative cuts some vulnerability disclosure timelines

Trend Micro's Zero Day Initiative (ZDI) announced changes to its bug bounty program in a move designed to prompt vendors to act faster on ineffective patches. Under the new policy, the ZDI will give vendors 30 days to fix critical vulnerabilities where exploitation is expected, 60 days for critical and high-severity bugs where the preexisting patch provides some protection, and 90 days for lower-severity flaws where no immediate exploitation is expected.

Researchers warn of a risk to critical infrastructure due to thousands of exposed VNC instances

Multiple organizations worldwide, including those in critical infrastructure sectors, might be at risk of remote hacking due to thousands of Virtual Network Computing (VNC) instances being exposed on the internet.

Cybersecurity researchers found more than 8,000 VNC instances reachable on the internet without authentication, among them multiple Human Machine Interface (HMI) systems, Supervisory Control And Data Acquisition (SCADA) systems, and workstations connected through VNC. The top five countries with the highest number of exposed VNC instances are China, Sweden, the United States, Spain, and Brazil.
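At the protocol level, "exposed without authentication" means the VNC server offers the RFB security type None (code 1) during the handshake. The following Python is an added example, not code from the article or the cited research: it parses a captured RFB server handshake (ProtocolVersion followed by the server's security message) and flags servers that accept unauthenticated sessions, so an asset owner can audit captures of their own hosts; the sample byte strings are constructed for illustration.

```python
"""Audit captured RFB (VNC) server handshakes for the 'None' security type."""
import struct
from dataclasses import dataclass, field

# Security-type codes from the RFB spec (RFC 6143, section 7.1.2) plus common registered ones.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt"}

@dataclass
class RfbAudit:
    version: str
    security_types: list = field(default_factory=list)
    failure_reason: str = ""

    @property
    def unauthenticated(self) -> bool:
        # Type 1 means the server will start a session with no credentials at all.
        return 1 in self.security_types

def parse_server_handshake(data: bytes) -> RfbAudit:
    """Parse the server's ProtocolVersion and security message (client bytes omitted)."""
    if len(data) < 12 or not data.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    version = data[:12].decode("ascii").rstrip("\n")        # e.g. "RFB 003.008"
    major, minor = int(version[4:7]), int(version[8:11])
    body = data[12:]
    audit = RfbAudit(version=version)
    if (major, minor) <= (3, 3):
        # RFB 3.3: the server dictates a single security type as a big-endian u32.
        (sec,) = struct.unpack("!I", body[:4])
        if sec == 0:
            (n,) = struct.unpack("!I", body[4:8])
            audit.failure_reason = body[8:8 + n].decode("latin-1")
        else:
            audit.security_types = [sec]
        return audit
    # RFB 3.7+: u8 count, then that many security-type bytes; count 0 means a refusal with a reason.
    count = body[0]
    if count == 0:
        (n,) = struct.unpack("!I", body[1:5])
        audit.failure_reason = body[5:5 + n].decode("latin-1")
    else:
        audit.security_types = list(body[1:1 + count])
    return audit

def describe(audit: RfbAudit) -> str:
    """Human-readable list of the offered security types."""
    return ", ".join(SECURITY_TYPES.get(t, f"unknown({t})") for t in audit.security_types)

# Constructed sample captures (not real hosts): open, password-protected, legacy open, refused.
SAMPLE_OPEN = b"RFB 003.008\n" + bytes([1, 1])
SAMPLE_AUTH = b"RFB 003.008\n" + bytes([2, 2, 19])
SAMPLE_OLD = b"RFB 003.003\n" + struct.pack("!I", 1)
SAMPLE_REFUSED = b"RFB 003.008\n" + bytes([0]) + struct.pack("!I", 8) + b"Too many"
```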

China-linked hackers caught backdooring chat app with malware

A China-linked hacker group tracked as Lucky Mouse, Emissary Panda, or APT27 has been using a trojanized cross-platform instant messenger application focused on the Chinese market, known as MiMi, to deliver versions of the HyperBro and rshell backdoors to infected users. The researchers identified 13 different victims in Taiwan and the Philippines, including a Taiwanese game development company.

Google blocked a record HTTPS-based DDoS attack that reached 46M RPS

Google said it blocked an HTTPS-based distributed denial-of-service (DDoS) attack that reached 46 million requests per second (RPS), making it the largest attack of its kind recorded to date. This tops the previous record, a 26 million RPS HTTPS DDoS attack mitigated by Cloudflare in June.

The attack targeted an unnamed Google Cloud Armor customer, with 5,256 source IPs from 132 countries contributing to the attack. Google said it believes the attack was carried out using the Meris botnet, which is responsible for huge waves of distributed denial-of-service attacks.

Researchers detail malware deployed during the Russo-Ukrainian war

Security researchers at Trustwave have published a lengthy overview of hacker groups and cyber weapons observed during Russia's ongoing invasion of Ukraine. The report covers multiple Russia-linked threat actors (such as APT28, APT29, Sandworm, Dragonfly, and Gamaredon) involved in the attacks on Ukrainian organizations, as well as the initial attack vectors and the malware strains used (HermeticWiper, HermeticRansom, IsaacWiper, AcidRain, and others).

DarkTortilla crypter delivers RATs and infostealers

Security researchers have shared a technical analysis of a .NET-based evasive crypter named DarkTortilla that has been used by malicious actors to distribute popular information-stealing malware and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine, as well as payloads such as Cobalt Strike and Metasploit. DarkTortilla can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables.

According to the researchers, from January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.
