Cyber Security Briefing, 19-25 August
Google patches multiple high-severity vulnerabilities in Chrome
Google has released a security update for Chrome that patches five vulnerabilities reported by researchers outside the company, four of which have been classified as high severity.
Of the five vulnerabilities, CVE-2023-4430, a use-after-free bug in Vulkan, has the highest severity, according to the company. Another of the patched vulnerabilities, CVE-2023-4429, is also a use-after-free bug, this one in the Loader component.
The remaining three vulnerabilities patched in the update are out-of-bounds memory access bugs affecting CSS (CVE-2023-4428), V8 (CVE-2023-4427) and Fonts (CVE-2023-4431).
Google has not reported that any of the vulnerabilities have been exploited in attacks. The company recommends upgrading to Chrome Desktop Stable version 116.0.5845.110 for macOS and Linux, or 116.0.5845.110/.111 for Windows.
HiatusRAT targets Taiwan and the US Department of Defence
The threat actor group behind the HiatusRAT malware has resumed its activity, targeting organisations in Taiwan and a US military procurement system. Lumen researchers identified this new campaign, although its identity and origin remain unknown.
The threat actors are using new VPS servers to host samples of the malware, and their targets include commercial enterprises and a Taiwanese government entity, as well as a US Department of Defence server. They have adapted the malware to several architectures, with a preference for Ruckus devices, and most connections originate from Taiwan. The malware is used to spy through enterprise routers, turning infected perimeter network devices into a C2 proxy network.
Although their objective is uncertain, it is suspected that they are seeking information on military contracts. When HiatusRAT was discovered in mid-March 2023, it was targeting high-level assets to spy on targets in Latin America and Europe.
FBI seeks to stop Lazarus from withdrawing $40 million in cryptocurrency
The FBI has issued a statement asking cryptocurrency companies to cooperate in preventing Lazarus, a North Korean state-sponsored APT also known as APT38 or TraderTraitor, from moving approximately 1,580 bitcoins, obtained through theft, out of the wallets it controls.
To this end, it has published the addresses of these wallets and asked cryptocurrency companies to analyze the blockchain data associated with them and to avoid transactions involving these addresses, whether directly or indirectly.
In the release, the FBI also accuses Lazarus of being responsible for the theft of $60 million from Alphapo, $37 million from CoinsPaid and $100 million from Atomic Wallet.
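The screening the FBI asks for above, flagging funds that touch the published wallets either directly or through intermediaries, amounts to a reachability search over the transfer graph. The following is an added example, not code from the briefing or from the FBI: it uses placeholder addresses in place of the real published wallets, a constructed set of transfers, and a hop limit so that a deposit is blocked if it is within `max_hops` transfers of a listed address.

```python
from collections import deque

# Placeholder addresses standing in for the wallet addresses the FBI published.
# The real addresses are not reproduced here; replace these with the official list.
BLOCKLIST = {"bc1q-PLACEHOLDER-1", "bc1q-PLACEHOLDER-2"}

# Constructed sample transfers: (sender, receiver, amount_btc).
# They form a small graph in which stolen funds hop through intermediaries
# before reaching exchange deposit addresses.
SAMPLE_TRANSFERS = [
    ("bc1q-PLACEHOLDER-1", "addr_mixer_a", 300.0),
    ("addr_mixer_a", "addr_exchange_deposit_x", 120.0),   # 2 hops from a listed wallet
    ("addr_mixer_a", "addr_far", 50.0),
    ("addr_far", "addr_far2", 50.0),                      # 3 hops
    ("addr_far2", "addr_far3", 50.0),                     # 4 hops, beyond the default limit
    ("bc1q-PLACEHOLDER-2", "addr_exchange_deposit_y", 200.0),  # 1 hop, direct
    ("addr_clean_customer", "addr_exchange_deposit_z", 1.0),   # no path from any listed wallet
]


def build_graph(transfers):
    """Adjacency map sender -> set of receivers (fund flow direction only)."""
    graph = {}
    for sender, receiver, _amount in transfers:
        graph.setdefault(sender, set()).add(receiver)
        graph.setdefault(receiver, set())
    return graph


def taint_distance(graph, blocklist, max_hops):
    """Breadth-first search from every blocklisted address.

    Returns {address: hops} for each address reachable in at most max_hops
    forward transfers; blocklisted addresses themselves are at distance 0.
    """
    dist = {addr: 0 for addr in blocklist}
    queue = deque(dist)
    while queue:
        node = queue.popleft()
        if dist[node] >= max_hops:
            continue  # do not expand past the hop limit
        for nxt in graph.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def screen_deposit(address, transfers, blocklist=BLOCKLIST, max_hops=3):
    """Decide whether a deposit address is tainted by funds from listed wallets.

    A direct exposure is the listed wallet itself or a single transfer from it;
    anything further away but still within max_hops is indirect. Both are
    blocked, matching the request to avoid direct and indirect transactions.
    """
    graph = build_graph(transfers)
    dist = taint_distance(graph, blocklist, max_hops)
    if address not in dist:
        return {"verdict": "allow", "hops": None, "exposure": None}
    hops = dist[address]
    return {
        "verdict": "block",
        "hops": hops,
        "exposure": "direct" if hops <= 1 else "indirect",
    }


if __name__ == "__main__":
    for addr in ("addr_exchange_deposit_x", "addr_exchange_deposit_y",
                 "addr_exchange_deposit_z", "addr_far3"):
        print(addr, screen_deposit(addr, SAMPLE_TRANSFERS))
```

The hop limit is a policy choice: a low value keeps false positives down but lets funds that have been layered through several intermediaries pass, so flagged deposits beyond one hop are better routed to manual review with the path recorded than silently dropped.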
Danish Hosting Companies hit by ransomware
Hosting companies CloudNordic and AzeroCloud in Denmark suffered ransomware attacks that resulted in the loss of customer data and the shutdown of systems, including websites and email. Despite restoration efforts, the data has proved unrecoverable, and most customers have lost their information. Both brands, which belong to Certiqa Holding ApS, refused to pay the ransom and are cooperating with cybersecurity experts and law enforcement.
According to statements from both companies, the attack caused this magnitude of damage because critical servers were infected during a data center migration, which allowed the attackers to reach critical administrative, data storage and backup systems. Both CloudNordic and AzeroCloud state that they found no evidence of unauthorized access to data, although hundreds of customers lost information stored in the cloud.
RCE vulnerability in WinRAR
Zero Day Initiative researcher "goodbyeselene" has discovered a critical vulnerability in WinRAR, the popular file compression tool for Windows. The vulnerability, tracked as CVE-2023-40477, has raised concerns because it could be exploited by remote attackers to execute arbitrary code on the target system simply by having the target open a RAR archive.
The vulnerability stems from insufficient validation of user-supplied data, which can result in memory access beyond the end of an allocated buffer. RARLAB acted quickly after being notified and released WinRAR version 6.23, which fixes the issue.
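Both the Chrome item and the WinRAR item above come down to the same defensive action: confirm that every installed copy is at or above the fixed version. This added example (not code from the briefing, Google or RARLAB) compares version strings numerically, using the fixed versions stated in the briefing as the floor, and runs over a constructed inventory; the hostnames and installed versions are made up for illustration.

```python
import re

# Minimum fixed versions, taken from the briefing. Chrome for Windows shipped
# both .110 and .111; .110 is the floor, so .111 also passes.
PATCHED_VERSIONS = {
    ("chrome", "macos"): "116.0.5845.110",
    ("chrome", "linux"): "116.0.5845.110",
    ("chrome", "windows"): "116.0.5845.110",
    ("winrar", "windows"): "6.23",
}

# Constructed inventory: (hostname, product, platform, installed_version).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "windows", "116.0.5845.111"),
    ("ws-02", "chrome", "linux", "116.0.5845.96"),
    ("ws-03", "winrar", "windows", "6.22"),
    ("ws-04", "winrar", "windows", "6.23 beta 1"),
]


def parse_version(text):
    """Turn '116.0.5845.110' or '6.23' into a tuple of ints.

    Only the leading dotted-number run is used, so trailing tags such as
    'beta 1' are ignored. Comparing tuples of ints avoids the classic
    string-comparison mistake where '6.9' would sort after '6.23'.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(product, platform, installed):
    """True if the installed version is at or above the fixed version."""
    key = (product.lower(), platform.lower())
    if key not in PATCHED_VERSIONS:
        raise KeyError(f"no fixed version recorded for {key}")
    return parse_version(installed) >= parse_version(PATCHED_VERSIONS[key])


def triage(inventory):
    """Annotate each inventory entry with 'ok' or 'update_required'."""
    results = []
    for host, product, platform, installed in inventory:
        status = "ok" if is_patched(product, platform, installed) else "update_required"
        results.append({"host": host, "product": product,
                        "installed": installed, "status": status})
    return results


def hosts_needing_update(inventory):
    """Hostnames whose installed version is below the fixed version."""
    return [r["host"] for r in triage(inventory) if r["status"] == "update_required"]


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

In practice the inventory rows would come from an endpoint management or software inventory export; the comparison logic is the part worth keeping, since it is the piece that is easy to get wrong when versions are compared as strings.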
Image: Rawpixel / Freepik.