Cyber Security Briefing, 16 - 22 September

September 22, 2023

Apple patches three new 0-days

Apple has released two emergency security updates that patch three new 0-day vulnerabilities that could have been exploited.

The first advisory, focused on macOS Ventura, addresses CVE-2023-41992, a flaw in the Kernel Framework that a threat actor can exploit for privilege escalation, and CVE-2023-41991, a flaw in the Security Framework that can be used to bypass signature validation with malicious applications.

The second advisory covers iOS and iPadOS and additionally patches CVE-2023-41993, a flaw in the WebKit browser engine that could allow an attacker to execute arbitrary code remotely.

The three 0-days have been patched with the release of macOS 12.7/13.6, iOS 16.7/17.0.1, iPadOS 16.7/17.0.1, and watchOS 9.6.3/10.0.1.

Silent Skimmer, a credit card skimming campaign

The BlackBerry team has uncovered a financially motivated campaign, which they have named Silent Skimmer. The campaign, which has reportedly been active for more than a year, first targeted businesses in the Asia-Pacific region, but has recently targeted North America and Latin America.

The threat actors exploit vulnerabilities in web applications to gain access to sites; if the web service has write permissions, the exploit loads a malicious DLL that installs malware such as Magecart to steal credit card data from the site.

The researchers also note that the actors appear technically skilled, given their use of a large privilege escalation toolkit, a remote access tool, an exploit for remote code execution, and their own C2 infrastructure.

Microsoft exposes 38 Terabytes of private data via GitHub

The team of researchers at Wiz have discovered that Microsoft suffered an accidental data breach that affected its public GitHub repository.

According to the researchers, the problem began in July 2020 and went unnoticed for almost three years, until Wiz identified that a Microsoft employee had shared a misconfigured Azure storage URL. The data exposure was caused by a shared access signature (SAS) token.

In addition to open source AI models, approximately 38TB of private data was leaked, including backups of Microsoft employees' personal information, passwords and internal Microsoft Teams messages. Despite the large amount of documentation exposed, Microsoft claimed that no customer data or internal services were compromised.

Wiz reported the incident to MSRC on 22 June 2023, which revoked the SAS token to block all external access to the Azure storage account, mitigating the issue on 24 June 2023.
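A defender-side check in the spirit of this incident, added here as an example and not code from Wiz or Microsoft: scan text (commit contents, wiki pages, chat exports) for Azure Storage SAS URLs and flag tokens that are write-capable, account-scoped or long-lived. The host, token signature and dates in the sample lines are constructed placeholders, and the risk thresholds are assumptions.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# Constructed sample lines as they might appear in a public repository.
SAMPLE_LINES = [
    "download: https://example.blob.core.windows.net/models?sv=2020-08-04&ss=b&srt=sco&sp=racwdl&se=2051-10-01T00:00:00Z&sig=PLACEHOLDER",
    "readme: https://example.blob.core.windows.net/public/model.bin?sv=2020-08-04&sr=b&sp=r&se=2023-10-01T00:00:00Z&sig=PLACEHOLDER",
    "no token here: https://example.com/docs",
]

# Constructed reference date (the week of this briefing) used for expiry checks.
NOW = datetime(2023, 9, 22, tzinfo=timezone.utc)

# A SAS URL always carries a 'sig' query parameter holding the HMAC signature.
SAS_URL = re.compile(r"https://[^\s\"']+\?[^\s\"']*sig=[^\s\"']+")


def assess_sas(url, now):
    """Return a list of findings for one SAS URL (empty list = nothing flagged)."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    findings = []
    perms = set(q.get("sp", ""))
    # Assumption: any of add/create/write/delete on a shared link is a finding.
    if perms & set("acwd"):
        findings.append("write-capable permissions: " + q["sp"])
    # 'ss' (services) and 'srt' (resource types) appear only on account-level SAS,
    # which is not scoped to a single container or blob.
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS")
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if (expiry - now).days > 365:  # assumed threshold: one year
            findings.append("expiry more than a year out")
    else:
        findings.append("no expiry")
    return findings


def scan(lines, now=NOW):
    """Map every SAS URL found in the lines to its findings."""
    results = {}
    for line in lines:
        for m in SAS_URL.finditer(line):
            results[m.group(0)] = assess_sas(m.group(0), now)
    return results


if __name__ == "__main__":
    for url, findings in scan(SAMPLE_LINES).items():
        print(url.split("?")[0], "->", findings or "ok")
```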

CISA and FBI publish analysis of Snatch ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a security advisory analysing the Snatch ransomware. According to the researchers, Snatch operators have constantly evolved their tactics since mid-2021, and it is worth noting that this ransomware family uses the well-known double extortion technique.

In terms of victims, the operators have targeted a wide range of critical infrastructure sectors, such as defence, food and technology. The security company Optiv estimates that between 2022 and 2023 there have been up to 70 Snatch attacks, most of them geolocated in the US.

Both the FBI and CISA recommend that organisations implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.

Vulnerabilities in MOVEit Transfer allow access to databases

Progress Community has released updates for MOVEit Transfer following the disclosure of three vulnerabilities in the product. The first of these, identified as CVE-2023-42660, and with CVSS 8.8, is a SQL injection flaw discovered in the MOVEit Transfer machine interface.

An authenticated attacker could exploit the flaw by sending a payload to the interface in order to modify and disclose the contents of the MOVEit database. The flaw CVE-2023-40043, with CVSS 7.2, is also a SQL injection vulnerability, in this case in the MOVEit Transfer web interface, which could lead to unauthorised access to the database; the prerequisite for exploiting it is that the attacker has access to an administrator account.

Finally, the one identified as CVE-2023-42656, with CVSS 6.1, is a reflected XSS vulnerability through which a threat actor can send a payload and execute malicious JavaScript in the victim's browser. All three vulnerabilities, affecting MOVEit Transfer's MySQL or MSSQL DB, have been resolved with the September Service Pack release.
