11-Jul-23: In Security News Today

Apple invoked Rapid Security Response (RSR) to patch 0-day WebKit vulnerability impacting iPads, iPhones and Macs
Apple isn’t so “rapid” in patching security vulnerabilities, so this is only the second time Apple has invoked the Rapid Security Response (RSR). And they had to, given that this vulnerability can be exploited simply by having a victim visit a malicious webpage. What’s worse is that the issue is not limited to Safari, because all browsers installed on Apple devices are required to use the underlying WebKit drivers.

Threat actor ScarletEel targets its victims’ AWS environment
Researchers have observed the financially motivated threat actor ScarletEel infiltrating Amazon Web Services (AWS) to steal credentials and intellectual property, plant crypto mining software, perform distributed denial-of-service (DDoS) attacks, and more. ScarletEel began its latest intrusion by exploiting Jupyter notebook containers in a Kubernetes cluster. Then the attackers ran scripts to look for AWS credentials they could send back to their command-and-control (C2) server. Instead of using command line tools, the scripts used built-in shell commands. “This is a more stealthy way to exfiltrate data as curl and wget are not used, which many tools specifically monitor for,” the researchers pointed out.

EU agrees to new US-EU Data Privacy Framework
The European Commission has adopted its adequacy decision for the EU-US Data Privacy Agreement, allowing organizations to engage in the free flow of personal data between the two regions without additional safeguards. This model replaces the previous Privacy Shield arrangement between the two regions, which was ruled unlawful by the Court of Justice of the European Union (CJEU) under GDPR rules in the Schrems II case in 2020.

UK-based healthcare provider HCA Healthcare leaks 11 million patients’ data in a data breach
HCA Healthcare has revealed it has suffered a major data breach affecting approximately 11 million patients. According to the healthcare provider’s press release, the data leaked in this breach includes:

  • Patient name, city, state, and zip code;
  • Patient email, telephone number, date of birth, gender; and
  • Patient service date, location and next appointment date.

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel-mode drivers with a signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel-mode drivers to load malicious and unverified drivers signed with expired certificates.

Critical VMware Bug Exploit Code Released Into the Wild
A critical security vulnerability in the VMware Aria Operations for Logs analysis tool for cloud management, known as CVE-2023-20864, now has an exploit available that allows threat actors to run arbitrary code as root, no user interaction necessary. This security vulnerability can be remediated by updating to the version number specified in this security advisory released by VMware.

Bangladesh Government Website Leaks Personal Data
Bitcrack Cyber Security researcher Viktor Markopoulos said he accidentally discovered a Bangladesh Government website leaking personal data of its citizens. The Bangladeshi e-Government Computer Incident Response Team (CIRT) has since published a press release about this breach.

Mastodon Patches four bugs ranging from Medium to Critical severity

  • Arbitrary file creation through media attachments (CVSS: 9.9)
  • XSS through oEmbed preview cards (CVSS: 9.3)
  • Blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database (CVSS: 7.7)
  • Denial of Service through slow HTTP responses (CVSS: 7.5)
  • Verified profile links can be formatted in a misleading way (CVSS: 5.4)

Amazon Prime Day Draws Out Cyber Scammers
Amazon Prime Day runs from July 11-12, but scammers have already started to capitalize on the worldwide shopping event, which promises exclusive deals for a short time only. Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers or other personal information, the company said.