Welcome to Security Sunday – Week 36, our weekly IT Security Recap (4. 9. — 10. 9. 2023)

We compile noteworthy news, incidents, and vulnerabilities from the past week, shedding light on the ongoing challenges in maintaining digital security.

Pegasus spyware has been found on iPhones running the latest iOS.

Apple recently released a security update in response to the discovery of a critical vulnerability called BLASTPASS, which allowed attackers to infect iPhones running the latest iOS version without any user interaction. This vulnerability was exploited to deliver the malicious Pegasus software, which enables location tracking, call eavesdropping, and access to the victim’s camera and microphone. Apple acted swiftly and issued a patch, which is available for all iPhones running iOS 16.6 and newer versions. Alongside this, the Citizen Lab organization has urged users to activate Lockdown Mode, which provides an additional layer of security.

To protect your iPhone from malicious software and cyberattacks, it’s crucial to keep your software up-to-date, download apps only from trusted sources, use strong passwords and two-factor authentication, and exercise caution when opening links and files, especially when sharing personal information in emails and messages.

Source: https://www.hackread.com/blastpass-pegasus-spyware-exploit-iphones-ios/

Iranian hackers breached the U.S. aviation agency through vulnerabilities in Zoho and Fortinet services.

CISA, FBI, and CNMF confirmed that an APT group exploited CVE-2022-47966 to gain unauthorized access to a publicly accessible application (Zoho ManageEngine ServiceDesk Plus). CISA was involved in resolving the incident from February to April and stated that hacker groups had been in the compromised network of the aviation organization since at least January, after infiltrating the server running Zoho ManageEngine ServiceDesk Plus and the company’s Fortinet firewall.

As the three U.S. agencies warn, APT groups often search for internet-exposed devices that haven’t been patched against critical and easily exploitable security flaws. After infiltrating the target’s network, attackers maintain a persistent presence on compromised parts of the network infrastructure. These network devices are subsequently used as pivot points for moving within the victim’s networks.

Source: https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-us-aviation-org-via-zoho-fortinet-bugs/

Data Leak

  1. Johnson & Johnson discloses IBM data breach impacting patients
    https://www.bleepingcomputer.com/news/security/johnson-and-johnson-discloses-ibm-data-breach-impacting-patients/

  2. UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
    https://www.infosecurity-magazine.com/news/electoral-commission-fails/

  3. Freecycle confirms massive data breach impacting 7 million users
    https://www.bleepingcomputer.com/news/security/freecycle-confirms-massive-data-breach-impacting-7-million-users/

  4. Medical Data Breach: Ayush Jharkhand Hacked
    https://www.infosecurity-magazine.com/news/ayush-jharkhand-hacked/

  5. Sensitive Data about UK Military Sites Potentially Leaked by LockBit
    https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/

  6. Sydney University Suffers Supply Chain Breach
    https://www.infosecurity-magazine.com/news/sydney-university-suffers-supply/

Vulnerability

  1. Ransomware fiends pounce on Cisco VPN brute-force zero-day flaw
    https://www.theregister.com/2023/09/08/cisco_zeroday_vpn_bug/

  2. Notepad++ 8.5.7 released with fixes for four security vulnerabilities
    https://www.bleepingcomputer.com/news/security/notepad-plus-plus-857-released-with-fixes-for-four-security-vulnerabilities/

  3. Vulnerabilities found in the ProtonMail web app
    https://www.hackread.com/protonmail-code-vulnerabilities-leak-emails/

  4. ASUS Urges Firmware Update Amidst Severe Router Vulnerabilities
    https://securityonline.info/asus-urges-firmware-update-amidst-severe-router-vulnerabilities/

  5. September Android updates fix zero-day exploited in attacks
    https://www.bleepingcomputer.com/news/security/september-android-updates-fix-zero-day-exploited-in-attacks/

  6. Atlas VPN zero-day vulnerability leaks users’ real IP address
    https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/

  7. Rockstar Games reportedly sold games with Razor 1911 cracks on Steam
    https://www.bleepingcomputer.com/news/gaming/rockstar-games-reportedly-sold-games-with-razor-1911-cracks-on-steam/

Cyber Attack

  1. Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
    https://www.infosecurity-magazine.com/news/chinese-hacker-steals-microsoft/


Interested in cyber security? Check out other episodes of our weekly Security Sunday series.