
Cyware Daily Threat Intelligence, April 10, 2023


Apple, as the maker of one of the most widely used devices, is also one of the most targeted brands. Security experts have sounded an alarm against two spyware-style zero-days that affect iPads, Macs, and iPhones. One of the flaws concerns WebKit, which could allow attackers to take over a user's browser or any app that uses WebKit. Meanwhile, a series of advisories were issued by the CISA regarding critical vulnerabilities found in products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and others, which are related to Industrial Control Systems (ICS).

Cryptomining bot attacks are back with a new attack campaign dubbed Color1337 dropping the uhQCCSpB malware bot. Cyber adversaries have deployed two different mining tactics to maximize access to the compromised Linux machine.

Top Breaches Reported in the Last 24 Hours


Millions of Thai citizens suffer breach
A hacker who goes by the moniker "9Near," originally an Army Sergeant in Thailand, was accused of stealing and offering the personal data of 55 million Thai citizens to other cybercriminals. The data on sale contained full names, addresses, dates of birth, ID card numbers, and contact details of individuals. Police are also questioning his wife in the matter. 

Canada-based Rogers Communications targeted
In an ad on a Russian-speaking hacker forum, the poster claimed to have stolen data from Rogers Communications Inc., a communications and media firm. While the attackers claimed to have pilfered data from the company’s Active Directory, which also contains customer data, the company maintained that only employee data was exposed and that no customer details were affected.

Data leak via ChatGPT
On three occasions, sensitive information was fed by Samsung employees into ChatGPT, resulting in three separate data leaks. The latest incident was discovered when internal documents such as source code and meeting notes were shared through the chatbot service. In one of the instances, employees asked the bot to optimize test sequences to identify faults in their chip designs.

M&A data left exposed for half a year
For over six months, sensitive client data associated with Proskauer Rose's merger and acquisitions business was left exposed due to an unsecured Microsoft Azure cloud server. The data at risk included private and privileged financial and legal documents, NDAs, financial deals, contracts, and more in 184,000 files.

Top Malware Reported in the Last 24 Hours


Cryptomining using uhQCCSpB bot
Cybersecurity company Tehtris analyzed a cryptojacking campaign targeting Linux systems and infecting those with a malware bot called uhQCCSpB. With the bot, attackers use two strategies to launch a Monero miner on the infected machine. The "diicot" cryptominer is activated on machines that have more than four cores, whereas the "SlowAndSteady" option is executed on machines with four or fewer cores.

Top Vulnerabilities Reported in the Last 24 Hours


RCE bug affects Mastodon
A vulnerability in the Mastodon social network could give attackers access to sensitive information. The bug, identified as CVE-2023-28853, is caused by a blind LDAP injection flaw in the login flow. Attackers could send a specially crafted request to obtain arbitrary attributes from the LDAP directory and use that information to conduct further attacks against the affected system.
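The root cause class named above, an LDAP filter assembled from an unescaped login value, is easiest to see in code. The following Ruby snippet is an added illustration, not Mastodon's own code and not the fix for CVE-2023-28853: it contrasts a hypothetical naive login filter with one that escapes the user-supplied value per RFC 4515, and uses a small assertion counter of the kind a reviewer might use to spot a filter that grew extra clauses.

```ruby
# RFC 4515 escaping for values embedded in LDAP search filters.
# The login lookup below is a hypothetical example, not Mastodon's code.
FILTER_ESCAPES = {
  "\\" => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\x00" => '\00'
}.freeze

# Replace every filter metacharacter in a value with its \XX hex form.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| FILTER_ESCAPES[c] }
end

# Vulnerable pattern: the username is interpolated verbatim, so a value
# containing ')' and '(' can close the assertion and open new ones.
def naive_login_filter(uid_attr, username)
  "(&(#{uid_attr}=#{username})(objectClass=inetOrgPerson))"
end

# Hardened pattern: the value is escaped, so it can only ever be matched
# literally against the attribute, whatever characters it contains.
def safe_login_filter(uid_attr, username)
  "(&(#{uid_attr}=#{escape_filter_value(username)})(objectClass=inetOrgPerson))"
end

# Count leaf assertions of the form (attr=value). A single-user login
# filter built from the template above should always contain exactly two.
def assertion_count(filter)
  filter.scan(/\([^()=]+=[^()]*\)/).size
end

if __FILE__ == $PROGRAM_NAME
  # Constructed test vector: a username that tries to add a wildcard clause.
  probe = '*)(uid=*'
  puts "naive: #{naive_login_filter('uid', probe)} " \
       "(#{assertion_count(naive_login_filter('uid', probe))} assertions)"
  puts "safe:  #{safe_login_filter('uid', probe)} " \
       "(#{assertion_count(safe_login_filter('uid', probe))} assertions)"
end
```

With the naive builder the probe yields three assertions, one of them a bare wildcard, whereas the escaped builder keeps the filter at the two assertions the template intends.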

Two zero-days abused in Apple
Apple addressed two zero-days that are currently being exploited in the wild. The flaws, tracked as CVE-2023-28205 and CVE-2023-28206, affect iPads, Macs, and iPhones. The first flaw can be abused by any iOS application to run arbitrary code with kernel privileges. In another scenario, attackers can chain the two flaws to cause further damage.

CISA warns against ICS flaws
Multiple advisories have been released by the CISA covering bugs found in ICS and SCADA software from several vendors, including Rockwell Automation, Hitachi Energy, JTEKT Electronics, Korenix, mySCADA Technologies, and Industrial Control Links. ScadaFlex II series controllers by Industrial Control Links are affected by a critical bug with a CVSS score of 9.1, enabling attackers to modify, delete, or create files on the system.

Bug in Tesla Retail Tool
Security researcher Evan Connelly uncovered a security hole in the Tesla Retail Tool (TRT) application that could allow attackers to take control of former employees' accounts. TRT reportedly stores large volumes of enterprise information, including financial information, details on Tesla locations, building plans, network circuit details, contact information, and more.

Posted on: April 10, 2023
