Apple Zero-Click iMessage Exploit Used to Infect iPhones with Spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images. "We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim," Citizen Lab said.
https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/
US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities
The record-breaking distributed denial-of-service (DDoS) attack that Cloudflare mitigated last month originated from a new botnet called “Mantis,” which is currently described as “the most powerful botnet to date.” The botnet is extremely powerful despite relying on a small number of devices, because Mantis targets servers and virtual machines, which come with significantly more resources than the consumer devices most botnets rely on. Mantis targets entities in the IT and telecom (36%), news, media, and publications (15%), finance (10%), and gaming (12%) sectors.
https://www.securityweek.com/us-aeronautical-organization-hacked-via-zoho-fortinet-vulnerabilities/
Protecting Your Microsoft IIS Servers Against Malware Attacks
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments. Recently, a slew of activity by the advanced persistent threat (APT) group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code. This article (linked below) describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.
https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html
Threat Actors Modify Malware DGA Patterns to Improve C2 Communication and Complicate Analysis
A Domain Generation Algorithm (DGA) creates numerous domain names that serve as rendezvous points between infected hosts and their command-and-control (C&C) servers. DGAs help malware evade security measures by generating new, random-looking domains, making them difficult for defenders to block or take down during an attack. Cybersecurity analysts at Akamai Security Intelligence Group recently identified that threat actors are actively altering their DGA patterns to improve C2 communication and complicate analysis.
https://cybersecuritynews.com/threat-actors-alter-dga-patterns/
Cisco BroadWorks Impacted by Critical Authentication Bypass Flaw
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two affected components are used for app management and integration. The flaw, discovered internally by Cisco security engineers, is tracked as CVE-2023-20238 and rated with the maximum CVSS score of 10.0. Cisco has provided no workarounds for this flaw, so the recommended fix is to update to AP.platform.23.0.1075.ap385341 for users of the 23.0 branch and to versions 2023.06_1.333 or 2023.07_1.332 for users of the release-independent (RI) edition.
https://www.bleepingcomputer.com/news/security/cisco-broadworks-impacted-by-critical-authentication-bypass-flaw/
North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea have continued to target the cybersecurity community over the past several weeks, using a zero-day bug in unspecified software to compromise researchers' machines. The findings come from Google's Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships with potential targets and build trust. The social engineering exercise ultimately paved the way for a malicious file exploiting at least one zero-day in a popular software package. The vulnerability is currently in the process of being fixed. The payload, for its part, performs a number of anti-virtual machine (VM) checks and transmits the collected information, along with a screenshot, back to an attacker-controlled server.
https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html