01 DEC 23
Cyber Threat Roundup
A collection of recent open-source items of interest to the Defense Industrial Base
Apple Fixes Two New iOS Zero-Days in Emergency Updates
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, bringing the number of zero-days patched since the start of the year to 20. “Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the company said in an advisory issued on Wednesday. The two bugs were found in the WebKit browser engine (CVE-2023-42916 and CVE-2023-42917). The first allows attackers to gain access to sensitive information through an out-of-bounds read weakness, and the second allows arbitrary code execution through a memory corruption bug; both are triggered on vulnerable devices by maliciously crafted web pages.
https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/
New ‘Turtle’ macOS Ransomware Analyzed
Patrick Wardle, the famed cybersecurity researcher specializing in Apple products, conducted an analysis of a new macOS ransomware named Turtle. Wardle’s analysis suggests that the Turtle ransomware is currently not sophisticated, but the malware’s existence indicates that cybercriminals continue to show an interest in targeting macOS users. Versions of the Turtle ransomware appear to have been created for Windows and Linux systems as well. The ransomware is designed to encrypt files on compromised systems. However, at this stage, it does not appear to pose a major threat to macOS users.
https://www.securityweek.com/new-turtle-macos-ransomware-analyzed
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st RAT (aka Farfli). It comes with features to “facilitate the remote administration tasks as directed by the C2 and modified communication protocol based on the similarity of the command structure and the strings used in the code,” Cisco Talos researchers Ashley Shen and Chetan Raghuprasad said. The attacks commence with a phishing email bearing decoy documents which, when opened, trigger a multi-stage process that leads to the deployment of SugarGh0st RAT.
https://thehackernews.com/2023/12/chinese-hackers-using-sugargh0st-rat-to.html
Staples Confirms Cyberattack Disrupting Deliveries
Office supplies giant Staples has confirmed a cybersecurity incident, saying its mitigation efforts have impacted its delivery and customer service activities. Staples said the company identified a “cybersecurity risk,” prompting it to take steps to mitigate the impact and protect customer data. According to the statement, mitigation efforts were the reason why some of Staples’ systems have been offline. “Our prompt efforts caused temporary disruption to the staples.com processing and delivering capabilities, as well as to our communications channels and customer service lines,” Staples said.
https://cybernews.com/news/staples-confirms-cyberattack/
Notepad++ Input Validation Flaw Leads to Uncontrolled Search Path Vulnerability
An uncontrolled search path vulnerability was discovered in Notepad++, which could allow threat actors to cause the application to search an untrusted path. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided. Notepad++ is a text editor for Windows that goes well beyond a simple editor and can be used to open or edit code files written in many programming languages. Multiple vulnerabilities in Notepad++ were previously reported in August 2023. This vulnerability (CVE-2023-6401: Uncontrolled Search Path in Notepad++) exists in an unknown functionality of the file dbghelp.exe, which a threat actor can manipulate to search an untrusted path. There has been no evidence of exploitation of this vulnerability by threat actors. The severity of this vulnerability has been rated 5.3 (Medium) by VulDB.
https://cybersecuritynews.com/notepad-input-validation-flaw/
US Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in “revenue generation and missile-related technology procurement that support the DPRK’s weapons of mass destruction (WMD) programs.” The actions are in response to North Korea’s launch of a military reconnaissance satellite late last month, the Treasury added. They also arrive a day after a virtual currency mixer service called Sinbad was sanctioned for processing stolen assets linked to hacks perpetrated by the Lazarus Group. Kimsuky—also called APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima—is a prolific cyber espionage crew that primarily targets governments, nuclear organizations, and foreign relations entities to collect intelligence that helps further North Korea’s interests.
https://thehackernews.com/2023/12/us-treasury-sanctions-north-korean.html