The latest in cybersecurity: Apple, PyLoose, Crypto Mining, Ghostscript, SonicWall, Clop, Ernst & Young, China, Radisson, Telekom Malaysia, Tampa Bay Zoo, GitHub.
Apple has advised users to uninstall the emergency software updates released on Monday to address a zero-day vulnerability, as the fix has led to some websites not displaying correctly. While patches to resolve the issue are expected to be available soon, Apple has not provided details on how the web-surfing problem occurred. Users have reported that the updates changed the Safari user agent, resulting in the disruption of certain websites like Facebook, Instagram, and Zoom.
A new fileless attack called PyLoose has been discovered, which utilizes Python code to load a cryptocurrency miner directly into memory, bypassing traditional file-based detection methods. The attack, observed by cloud security firm Wiz, marks the first documented Python-based fileless attack targeting cloud workloads. With nearly 200 instances of the attack method identified, the threat actor behind PyLoose demonstrates sophisticated capabilities, although further details about their identity remain unknown.
The Russian state-sponsored hacking group APT29, known for its cyberespionage campaigns, has taken a new approach by using unconventional lures like car listings to entice diplomats in Ukraine. Linked to the Russian government’s Foreign Intelligence Service (SVR), APT29 has targeted high-interest individuals globally in the past, with a focus on NATO, EU, and Ukrainian targets. The recent operation discovered by Palo Alto Networks’ Unit 42 reveals APT29’s evolution in phishing tactics, using personalized lures to deliver malware to diplomatic missions in Kyiv, Ukraine, including those of the United States, Canada, and other countries.
SonicWall has issued a warning to its customers regarding multiple critical vulnerabilities found in its Global Management System (GMS) and Analytics network reporting engine software suites. These vulnerabilities could allow threat actors to bypass authentication and gain unauthorized access to sensitive information. Admins are advised to upgrade to the respective patched versions immediately to mitigate these risks.
A critical-severity remote code execution flaw, CVE-2023-3664, has been discovered in Ghostscript, an open-source interpreter widely used in Linux for handling PostScript language and PDF files. The vulnerability affects all versions of Ghostscript prior to 10.01.2 and can be triggered by opening a specially crafted file, potentially leading to code execution. With Ghostscript being a default component in various Linux distributions and used by popular software such as LibreOffice and GIMP, the potential attack surface is significant.
Sixty-two clients of Ernst & Young, including major Canadian organizations like Air Canada and Sun Life Assurance, have fallen victim to the Clop ransomware group’s supply chain attack on MOVEit file transfer software. The attack resulted in the leak of 3 terabytes of critical data, such as financial reports, passport scans, and contracts. Security experts estimate that over 16 million individuals have been affected by the attacks, highlighting the urgent need for organizations to strengthen their cybersecurity measures and monitor potential vulnerabilities.
China-based hackers have conducted a sophisticated spying campaign, breaching email accounts at two dozen organizations, including several US government agencies, according to Microsoft and White House statements. The full extent of the hack is still being investigated, but efforts are underway to assess the impact and mitigate the damage caused. The State Department was among the first to detect the suspicious activity and reported it to Microsoft, leading to further investigation.
Telekom Malaysia (TM) has confirmed a recent data breach affecting historical Unifi customers, exposing personal information such as names, national identification and passport numbers, and contact details. The company assured customers that no financial information was compromised and stated that the breach has been contained, with proactive measures taken to protect data across its platforms. TM has notified affected customers about the breach and advised them to remain cautious of phishing tactics and online scams, while also reporting the incident to relevant authorities to address the matter. Despite the breach, TM assured its customers that its Unifi services continue to operate without any impact on users.
Several high-profile organizations, including Radisson Hotels and major insurance companies, have disclosed data breaches resulting from the exploitation of a vulnerability in the popular file transfer tool MOVEit. The breach, affecting over 250 organizations, was linked to the Clop ransomware group. Radisson Hotels Americas confirmed that guest records were accessed, and American National Insurance Company and Sun Life reported ongoing investigations into potential data compromise.
ZooTampa, one of the U.S.’s most popular zoos, has fallen victim to a cyberattack resulting in the theft of employee and vendor information. The attack is believed to be the work of a new ransomware gang called BlackSuit, which claims to be an offshoot of the notorious Royal ransomware group. The zoo took immediate action, engaging forensic specialists and notifying affected individuals, while federal law enforcement is also involved in the investigation.
Retired workers with the State of Tennessee have received notice that their personal information was accessed in a recent data security breach. The breach, which occurred through a file transfer software vendor owned by Pension Benefits Information (PBI), impacted over 170,000 members of the Tennessee Consolidated Retirement System and their beneficiaries. Hackers obtained sensitive data such as names, Social Security numbers, dates of birth, and mailing addresses, while no banking information was compromised. In response, treasury officials have committed to providing credit monitoring and identity restoration services to affected members.
GitHub has unveiled its public beta of passwordless authentication support, introducing passkeys as a more secure alternative to security keys. Passkeys, associated with individual devices, enhance security by protecting against phishing attacks and credential theft. They offer improved user experience and security by eliminating the need to remember multiple passwords and enabling authentication through personal identification numbers or biometric methods. GitHub’s latest move further enhances software supply chain security and follows its previous efforts to strengthen account security through measures such as two-factor authentication and device verification.
A 34-year-old senior security engineer, Shakeeb Ahmed, allegedly stole millions of dollars from a decentralized crypto exchange last year. After the heist, he sought guidance on the web regarding purchasing another citizenship and escaping the United States with his ill-gotten gains. Ahmed exploited the exchange’s liquidity pools using computer code and manipulated the protocol into paying him $9 million for crypto he did not deposit. While he returned most of the funds and disclosed vulnerabilities to the exchange, his subsequent online searches for wire fraud, evidence laundering, and buying citizenship led to his arrest in New York City. Ahmed now faces charges of wire fraud and money laundering, potentially resulting in a maximum prison sentence of 20 years for each offense.
As the notorious Cl0p ransomware gang wreaks havoc on global organizations like Deutsche Bank and the BBC, Cybernews has uncovered evidence suggesting that one of the masterminds behind the group is still operating from Ukraine. Despite previous arrests and the dismantling of their infrastructure, Cl0p has resurfaced and targeted major banks across Europe by exploiting vulnerabilities in third-party vendors. The discovery of a Cl0p developer’s location in Kramatorsk, Ukraine, reveals the continued presence of this Russia-affiliated gang in the country.
Prime Minister Edi Rama of Albania expressed his concerns on Tuesday about the lack of sufficient funding from the United States to protect his country against cyberattacks, criticizing Congress for not providing necessary funds. Rama emphasized the need for increased financial support to strengthen Albania’s cyber defense capabilities, particularly following a major cyberattack last July that disrupted government services. Despite Albania’s digital advancements and provision of online services to citizens, Rama highlighted the country’s vulnerability and the ongoing challenge of securing cyber defenses.