Apple Addresses Two iOS Zero-Day Vulnerabilities Targeting iPhones
Apple has released urgent security updates to fix two iOS zero-day vulnerabilities affecting iPhones, found in the iOS Kernel and RTKit. These zero-day exploits allowed attackers to bypass kernel memory protections. The updates, available for devices running iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6, improve input validation. While the source of the vulnerabilities remains undisclosed, iOS zero-days are often used in state-sponsored espionage. Users are urged to update their devices promptly; this marks Apple’s third zero-day fix in 2024 after one in January.
Microsoft: Russian Hackers Breach Systems, Access Source Code
Microsoft reveals that the Russian hacking group ‘Midnight Blizzard’ breached its systems and source code repositories using stolen authentication secrets from a January cyberattack. Exploiting a test account lacking multi-factor authentication, the hackers accessed corporate email servers and stole data, including from Microsoft’s leadership. Recent weeks have seen increased attacks by Midnight Blizzard, prompting Microsoft to enhance security measures and engage affected customers. The group, linked to Russia’s Foreign Intelligence Service, has a history of cyberespionage, including the 2020 SolarWinds attack.
BlackCat Ransomware Pulls Exit Scam, Blames Authorities
The BlackCat ransomware gang is executing an exit scam, alleging the FBI seized their infrastructure and site, aiming to abscond with affiliates’ funds. The group, also known as ALPHV, declared the sale of their malware’s source code for $5 million. Despite claims of federal intervention, law enforcement agencies disavow involvement. Notable signs of the scam include abrupt shutdowns of their Tor data leak blog and negotiation servers, alongside accusations of stealing a $20 million ransom. Affiliates are left unpaid, fueling suspicions of an exit scam. The gang’s history dates back to 2020, transitioning from DarkSide to BlackMatter and eventually BlackCat/ALPHV. Despite ongoing disruptions, including law enforcement seizures, the ransomware gang persists in its criminal activities, highlighting the challenges of combating cybercrime.
Cyberattack Disrupts Canada’s Financial Intelligence Unit
Canada’s Financial Transactions and Reports Analysis Centre (FINTRAC) has suspended corporate systems following a cyber incident. While core intelligence remains secure, precautionary measures are in place to protect information integrity. Collaborating with federal partners, including the Canadian Centre for Cyber Security, efforts are ongoing to restore operations. Despite no ransomware claims, the incident adds to Canada’s recent cybersecurity challenges, including breaches affecting the RCMP, Trans-Northern Pipelines, Toronto Zoo, and Memorial University of Newfoundland.
Duvel Assures Ample Beer Supply Despite Ransomware Attack
Duvel Moortgat Brewery faced a ransomware attack, halting beer production in its bottling facilities. The renowned Belgian beer brand, known for its golden pale ale and other popular abbey beers, detected the attack through automated threat detection systems. While production remains suspended with no estimated restart time, the company reassures consumers that warehouses are well-stocked, minimizing distribution impact. Beer enthusiasts responded with humor and concern on Reddit, joking about “strategic reserves” while expressing worries about potential price hikes. The brewery hasn’t disclosed whether the cyberattack affected other facilities besides its main brewery in Breendonk. Although no ransomware gang claimed responsibility initially, the Stormous group later claimed the attack, threatening to leak stolen data unless a ransom is paid by March 25, 2024.
WordPress Sites Targeted in Browser-Driven Brute-force Campaign
A widespread cyber threat has emerged, targeting WordPress websites, as uncovered by Sucuri. In a notable shift, hackers, previously associated with injecting crypto wallet drainers, are now employing a new tactic. They compel visitors’ browsers to conduct brute-force attacks on other sites. This sophisticated method utilizes compromised WordPress sites to quietly issue brute-force tasks to visitors’ browsers, creating a large-scale, distributed attack network. The motive behind this shift appears to be a strategic move to expand the hackers’ reach for future attacks. This development underscores the evolving nature of cybersecurity threats and the need for heightened vigilance to combat them effectively.
Impersonation of U.S. Government Agencies in BEC Attacks
Hackers, identified as TA4903, are executing sophisticated business email compromise (BEC) attacks by impersonating U.S. government entities like the Department of Transportation, the Department of Agriculture, and the Small Business Administration. They entice victims with fake bidding processes, using QR codes in PDF attachments to redirect to phishing sites. Once there, users are prompted to enter credentials, enabling unauthorized access to corporate networks. TA4903’s activities are financially driven, targeting U.S. organizations primarily but recently shifting to small businesses. Organizations must adopt robust security measures to counter these threats effectively.
TA577 Phishing Campaign Targets NTLM Hashes
TA577, previously linked to ransomware, now uses phishing to steal NT LAN Manager (NTLM) authentication hashes. In February 2024, they targeted hundreds of organizations worldwide.
Phishing emails, appearing as replies to discussions, contain unique ZIP archives with HTML files. When opened, these files trigger connections to external servers, stealing NTLM hashes for malicious purposes.
To defend against such attacks, organizations can block outbound SMB connections, filter emails containing zipped HTML files, and restrict outgoing NTLM traffic. Windows 11 users can use Microsoft’s built-in security features to block NTLM-based attacks over SMB.
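The second mitigation above, filtering messages that carry zipped HTML files, is the one a mail gateway can implement directly. The following is an added example, not code from the article or from Proofpoint’s TA577 research: a small Python check that parses a raw MIME message, finds ZIP attachments (by declared content type or by ZIP magic bytes), and reports any archive member that looks like HTML, either by extension or by sniffing its leading bytes. It goes slightly beyond the lure described in the text in that it also catches HTML members with a disguised extension. The sample message, the sender and recipient addresses, and the attachment names are all constructed for illustration; the size and member-count limits are assumptions chosen so a hostile archive cannot exhaust the filter itself.

```python
"""Flag e-mail messages carrying ZIP attachments that contain HTML files.

Added example (not from the original article): a gateway-side check for
the reply-style lure described above. All sample data is constructed.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

HTML_EXTENSIONS = (".html", ".htm", ".xhtml", ".shtml")
# Assumed guard rails so a malicious archive cannot exhaust the filter.
MAX_MEMBERS = 200
MAX_MEMBER_BYTES = 1_000_000
ZIP_MAGIC = b"PK\x03\x04"


def looks_like_html(name: str, head: bytes) -> bool:
    """True if a member is HTML by extension or by sniffing its first bytes."""
    if name.lower().endswith(HTML_EXTENSIONS):
        return True
    sample = head.lstrip().lower()[:64]
    return sample.startswith(b"<!doctype html") or sample.startswith(b"<html")


def html_members(zip_bytes: bytes) -> list[str]:
    """Names of HTML-like members inside a ZIP blob; empty if none or corrupt."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []
    hits = []
    with archive:
        for info in archive.infolist()[:MAX_MEMBERS]:
            # Skip directories and oversized members rather than reading them.
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            with archive.open(info) as member:
                head = member.read(512)  # only the first bytes are needed to sniff
            if looks_like_html(info.filename, head):
                hits.append(info.filename)
    return hits


def find_zipped_html(raw_message: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment name to the HTML members found inside it."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        ctype = part.get_content_type()
        # Accept by declared type or by magic so a mislabeled type cannot slip past.
        is_zip = ctype in ("application/zip", "application/x-zip-compressed")
        if is_zip or payload.startswith(ZIP_MAGIC):
            members = html_members(payload)
            if members:
                findings[filename] = members
    return findings


def build_sample_message(member_name: str = "Invoice_Details.html",
                         content: str = "<html><body>Loading...</body></html>") -> bytes:
    """Constructed lure: a 'RE:' reply carrying a ZIP that wraps one file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member_name, content)
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "recipient@example.invalid"     # constructed address
    msg["Subject"] = "RE: contract follow-up"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Documents.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Expected: {'Documents.zip': ['Invoice_Details.html']}
    print(find_zipped_html(build_sample_message()))
```

A real gateway would quarantine or strip the attachment when `find_zipped_html` returns a non-empty mapping; reading only the first 512 bytes of each member keeps the check cheap even on large archives.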
Swiss Government Reveals Impact of Play Ransomware Attack
The Swiss National Cyber Security Centre (NCSC) disclosed that the Play ransomware attack on Xplain led to the leakage of 65,000 government documents.
Out of 1.3 million files, 5% (65,000 documents) belonged to the Federal Administration, primarily impacting the Federal Department of Justice and Police (FDJP), with minor effects on the Federal Department of Defence, Civil Protection, and Sport (DDPS).
Exposed information includes personal data, technical details, and account passwords.
The investigation, launched in August 2023, is ongoing and will provide cybersecurity recommendations to the Federal Council. Handling unstructured data and legal complexities have extended the investigation’s duration.
Conclusion
In conclusion, the cyber landscape is fraught with various threats, from zero-day vulnerabilities to ransomware attacks and phishing campaigns. Staying vigilant and implementing robust security measures is essential to safeguard sensitive data.
As experts in ransomware recovery and cybersecurity, we offer specialized services such as Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. If your organization requires assistance in recovering from a ransomware attack or bolstering its cybersecurity defenses, contact us today.