Apple Releases iOS and macOS updates to patch actively exploited zero-day flaw
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. An anonymous researcher has been credited with reporting the shortcoming. It’s worth noting that CVE-2022-32917 is the second kernel-related zero-day that Apple has remediated in less than a month.
Extreme California heat knocks key Twitter data center offline
Extreme heat in California has left Twitter without one of its key data centers, and a company executive warned in an internal memo obtained by CNN that another outage elsewhere could result in the service going dark for some of its users. A memo sent from Carrie Fernandez, the company’s vice president of engineering, to Twitter engineers on Friday stated that as a result of the outage in Sacramento, Twitter is in a “non-redundant state.” She explained that Twitter’s data centers in Atlanta and Portland are still operational but warned, “If we lose one of those remaining datacenters, we may not be able to serve traffic to all Twitter’s users.”
New phishing scheme uses ‘herd mentality’ approach to dupe victims
Hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. The cybersecurity firm Proofpoint has identified the group deploying these so-called “multi-persona impersonation” emails as TA453. The company previously linked TA453 to Iran and says its activities overlap with other groups tracked as Charming Kitten, Phosphorus and APT42. The tactic is designed to create a stronger impression that the activity is real, the researchers said, by exploiting a psychological phenomenon known as “social proof.” Sometimes referred to as “herd mentality,” the idea is that people are more likely to engage if they see others doing it, too.
New PsExec spinoff lets hackers bypass network security defenses
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network over a single, less-monitored port, Windows TCP port 135, rather than the SMB port 445 that the original tool relies on. PsExec is designed to help administrators execute processes remotely on machines in the network without the need to install a client. Threat actors have also adopted the tool and frequently use it in the post-exploitation stages of an attack to spread across the network, run commands on multiple systems, or deploy malware. This changes the defensive picture: blocking only port 445 to restrict malicious PsExec activity is no longer a reliable control for most attacks, because the same lateral movement can now be carried out over port 135, so monitoring and filtering need to cover both ports.
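The practical takeaway from the item above is that a detection keyed only on port 445 misses the port-135 variant. The following is an added example, not code from the page or from the researchers who built the PsExec spinoff: it runs a simple fan-out check over constructed, Sysmon-style network-connection records (the field layout is an assumption for this example, not Sysmon's real format) and flags any source host that reaches many distinct destinations on the PsExec-relevant ports within a short window. Running it once with only 445 watched and once with 445 and 135 shows why the port list matters.

```python
"""Lateral-movement fan-out detection over port 135 as well as 445.

Added example, not code from the page or from the PsExec research it
describes. Parses constructed, Sysmon-style network-connection records
(assumed layout: timestamp, source host, destination IP, destination port)
and flags sources that reach many distinct destinations on PsExec-relevant
ports within a short time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports PsExec-style tooling uses: 445 (SMB, the original PsExec) and
# 135 (MS-RPC endpoint mapper, used by the spinoff described above).
PSEXEC_PORTS = {445, 135}

# Constructed sample log: one workstation sweeping six hosts over 135,
# one doing ordinary low-volume SMB, one unrelated HTTPS connection.
SAMPLE_LOG = """\
2022-09-12T10:00:01 WS-042 10.0.1.10 135
2022-09-12T10:00:02 WS-042 10.0.1.11 135
2022-09-12T10:00:03 WS-042 10.0.1.12 135
2022-09-12T10:00:04 WS-042 10.0.1.13 135
2022-09-12T10:00:05 WS-042 10.0.1.14 135
2022-09-12T10:00:06 WS-042 10.0.1.15 135
2022-09-12T10:00:10 WS-017 10.0.1.10 445
2022-09-12T10:00:11 WS-017 10.0.1.11 445
2022-09-12T10:05:00 WS-017 10.0.1.12 443
2022-09-12T10:30:00 WS-099 10.0.1.20 445
"""


def parse_line(line):
    """Split one constructed record into (timestamp, source, dest, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def fanout_alerts(log_text, watched_ports, threshold=5, window=timedelta(minutes=2)):
    """Return {source: set(destinations)} for every source that reached at
    least `threshold` distinct destinations on `watched_ports` within any
    `window`-long span. Sources below the threshold are not reported."""
    events = defaultdict(list)  # source -> [(time, destination)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        if port in watched_ports:
            events[src].append((ts, dst))

    alerts = {}
    for src, evs in events.items():
        evs.sort()  # time order so a sliding window is valid
        best = set()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            dests = {d for _, d in evs[start:end + 1]}
            if len(dests) > len(best):
                best = dests
        if len(best) >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    print("445 only :", sorted(fanout_alerts(SAMPLE_LOG, {445})))
    print("445 + 135:", sorted(fanout_alerts(SAMPLE_LOG, PSEXEC_PORTS)))
```

With only 445 watched the sweep from WS-042 is invisible; adding 135 surfaces it. In production the threshold and window should be tuned per environment, and legitimate management hosts (patching servers, vulnerability scanners) allow-listed, since they produce the same fan-out pattern by design.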
Thanks to today’s episode sponsor, Edgescan

Dutch police arrest man for laundering tens of millions in stolen crypto
A 39-year-old man was arrested in the Dutch town of Veenendaal on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. The police worked closely with the country’s central cybercrime team to monitor specific bitcoin transactions and to locate his whereabouts. According to a press statement, law enforcement was able to track down the suspect by following the crypto that had been stolen using a malicious software update for the legitimate open-source Electrum wallet. The malicious update had been distributed through phishing attacks.
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel
On September 4th, 2022, GhostSec announced on social media and its Telegram channel that it had compromised 55 Berghof programmable logic controllers (PLCs) used by organizations in Israel. GhostSec also published a video demonstrating a successful login to the PLC’s admin panel along with screenshots of an HMI screen showing some phases of the attack, including the PLC being blocked. The experts believe that the threat actors gained access to the admin panel of the PLCs by using default and common credentials.
Trend Micro addresses actively exploited Apex One zero-day
Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex One endpoint security product, including a zero-day vulnerability, tracked as CVE-2022-40139 (CVSS 3.0 score 7.2), which is being actively exploited. The flaw is an improper validation issue in a rollback function: an agent can exploit it to download unverified rollback components and execute arbitrary code. The company pointed out that the vulnerability could be exploited only by an attacker who already had access to authentication data. Trend Micro did not share details of the attacks exploiting this vulnerability.
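The flaw class above, executing a downloaded component without verifying it, has a well-understood fix: authenticate a manifest of expected digests with a key the agent already trusts, and refuse any component that is absent from the manifest or does not match it. The block below is an added example and is not Trend Micro's code, nor a description of how Apex One's rollback actually works. It places a naive "download and run" path next to a verified one. The key, manifest format, component names and payload bytes are all constructed for the example, and HMAC stands in for the asymmetric signature a real update mechanism would use.

```python
"""Verify a downloaded component before executing it.

Added example, not Trend Micro's code and not Apex One's actual rollback
logic. Contrasts an unverified rollback path with one that checks a
component against a manifest authenticated with a trusted key. HMAC is a
stand-in for a real signature scheme; the key would be a public key in a
real agent, not a shared secret.
"""
import hashlib
import hmac
import json

# Constructed: key the agent trusts out of band.
TRUSTED_KEY = b"example-manifest-signing-key"


def run_component(blob: bytes) -> str:
    """Stand-in for executing a component; only reports what would run."""
    return f"executed {len(blob)} bytes"


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Canonicalise the manifest and produce its authentication tag."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def verify_manifest(manifest: dict, signature: bytes, key: bytes) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def rollback_unverified(name: str, blob: bytes) -> str:
    """Vulnerable pattern: whatever arrived under `name` is executed as-is."""
    return run_component(blob)


def rollback_verified(name: str, blob: bytes, manifest: dict,
                      signature: bytes, key: bytes = TRUSTED_KEY) -> str:
    """Hardened pattern: authenticate the manifest, then pin the component
    to the digest the manifest lists for it. Any mismatch aborts before
    anything is executed."""
    if not verify_manifest(manifest, signature, key):
        raise ValueError("manifest authentication failed")
    expected = manifest.get("components", {}).get(name)
    actual = hashlib.sha256(blob).hexdigest()
    if expected is None or not hmac.compare_digest(expected, actual):
        raise ValueError(f"component {name!r} failed integrity check")
    return run_component(blob)


# Constructed components and a manifest that lists only the legitimate one.
GOOD_COMPONENT = b"legit rollback payload v1"
TAMPERED_COMPONENT = b"attacker payload"
MANIFEST = {
    "version": "1",
    "components": {"rollback-agent": hashlib.sha256(GOOD_COMPONENT).hexdigest()},
}
SIGNATURE = sign_manifest(MANIFEST, TRUSTED_KEY)


def demo() -> dict:
    """Exercise both paths and report the outcome of each."""
    results = {
        "unverified_tampered": rollback_unverified("rollback-agent", TAMPERED_COMPONENT),
        "verified_good": rollback_verified("rollback-agent", GOOD_COMPONENT, MANIFEST, SIGNATURE),
    }
    try:
        rollback_verified("rollback-agent", TAMPERED_COMPONENT, MANIFEST, SIGNATURE)
        results["verified_tampered"] = "executed"
    except ValueError as exc:
        results["verified_tampered"] = str(exc)
    forged = dict(MANIFEST, components={"rollback-agent": hashlib.sha256(TAMPERED_COMPONENT).hexdigest()})
    try:
        rollback_verified("rollback-agent", TAMPERED_COMPONENT, forged, SIGNATURE)
        results["verified_forged_manifest"] = "executed"
    except ValueError as exc:
        results["verified_forged_manifest"] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The second failure case is the important one: an attacker who can substitute the component can usually also substitute an unsigned manifest, so pinning digests only helps when the manifest itself is authenticated, and the verification must happen before any part of the downloaded material is executed.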
U.S. government offensive cybersecurity actions tied to defensive demands
Following up on a strategy first revealed publicly in 2018, the U.S. Department of Defense published a Cyber Strategy summary introducing a new concept called “defend forward,” which signals that the U.S. would not wait until a malicious cyber act occurred before taking action. Defend forward is now in common cybersecurity parlance to describe actions that preemptively defend against cyber threats, or likely cyber threats, before they can cause damage. The goal is to pursue proactive operations of the kind domestic U.S. law enforcement has already executed to recover cryptocurrency on behalf of ransomware victims, most notably Colonial Pipeline. The full report and analysis are available on CSOOnline.