Apple has released emergency updates to address three new zero-day vulnerabilities that were being exploited to target users of iPhones and Macs. The vulnerabilities included two in the WebKit browser engine and the Security framework, allowing attackers to bypass signature validation and achieve arbitrary code execution. The third vulnerability was found in the Kernel Framework, enabling local attackers to escalate privileges. Apple has fixed these vulnerabilities in various operating system versions and acknowledged that one of the issues may have been actively exploited in older versions of iOS.
MGM Resorts has resumed its hotel and casino operations after being hit by a ransomware attack. The attack, which involved the ALPHV encryptor and social engineering, caused a 10-day shutdown of operations. While the revenue losses from the downtime are difficult to estimate, MGM is now back to normal operations, although some online booking and rewards functionality is still being restored.
Researchers at Skylight Cyber have discovered a cyberattack vector that allows Hikvision smart intercoms to be turned into spying devices. The attack requires physical access to the target building and the ability to connect to an Ethernet port. Once access is gained, an attacker can run a script to brute-force the admin password and gain complete access to the device, including the microphone, allowing them to eavesdrop on anyone in the building. Hikvision has released a patch, but obstacles to patching remain, leaving many individuals and businesses exposed.
Hackers have gained access to a private company’s database used by numerous restaurants in Pakistan, compromising the personal data of over 2 million citizens. The breached data includes credit card details, addresses, and bank data. The hackers are now selling the pilfered personal data for 2 Bitcoin, but no formal complaints have been filed with federal investigators yet.
A new variant of the BBTok banking Trojan is targeting banking customers in Mexico and Brazil by replicating the interfaces of over 40 banks in these countries. The campaign aims to trick victims into giving up two-factor authentication (2FA) and payment-card details, allowing attackers to hijack their bank accounts. The attackers are using advanced obfuscation techniques, phishing links, and geofencing to ensure victims are located only in Brazil and Mexico, demonstrating an evolution in their tactics.
The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning about the ransomware-as-a-service operation called ‘Snatch.’ Snatch specializes in ‘double extortion,’ where they not only encrypt data but also exfiltrate it, threatening to publish or sell it if the ransom is not paid. The group has targeted sectors related to critical infrastructure, and organizations are advised to follow safe computing practices to protect against Snatch and other ransomware attacks.
A glitch in the official T-Mobile app has allowed users to view other users’ account details and billing information, including names, phone numbers, addresses, account balances, and partial credit card information. The issue has been ongoing for some users for the past two weeks. T-Mobile has clarified that this was not a cyberattack or system breach, and less than 100 individuals were impacted by the glitch.
Security researchers have discovered a malicious open source Python package called ‘culturestreak’ on GitLab that hijacks system resources to mine cryptocurrency. The package, found in an active repository on GitLab, runs in an infinite loop and exploits system resources for unauthorized mining of Dero cryptocurrency. This discovery highlights the persistent threat of supply chain attacks and the importance of vetting code and packages from unverified or suspicious sources.
A threat actor took advantage of a real remote code execution (RCE) vulnerability in WinRAR to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware. The attacker released the fake PoC on a GitHub repository, knowing that the vulnerability would attract attention due to WinRAR’s large user base. The motive behind this attack is believed to be opportunistic, with the attacker looking to compromise other cybercriminals trying to adopt new vulnerabilities into their operations.
Credit reporting firm TransUnion denies suffering a breach after a hacker published 3GB of data allegedly stolen from the company’s systems. The leaked data includes personally identifiable information such as names, dates of birth, passport data, and credit scores. TransUnion has conducted an investigation and found no evidence of a breach, suggesting that the data may have come from a third party.
The P2PInfect malware has experienced a significant increase in activity since late August 2023, with a 600x jump in traffic between September 12 and 19, 2023. Researchers have observed a growing number of variants in the wild, indicating a high development cadence by the malware’s creators. The malware targets poorly secured Redis instances and has evolved its initial access methods, including the use of the Redis SLAVEOF command and a persistence mechanism that leverages a cron job. It also overwrites SSH authorized_keys files and attempts to change user passwords if it has root access.
China’s Ministry of State Security (MSS) has accused the U.S. of hacking into Huawei’s servers since 2009, stealing critical data and implanting backdoors. The MSS claims that the U.S. National Security Agency (NSA) has repeatedly carried out cyber attacks against China and other countries, targeting sectors such as telecom, scientific research, economy, energy, and military. China also alleges that the U.S. has forced technology companies to install backdoors in their software and equipment for cyber espionage purposes.
Gold Melody, also known as Prophet Spider and UNC961, is a financially motivated cybercrime group that sells access to compromised organizations for follow-on attacks such as ransomware. The group has been active since at least 2017 and targets organizations by exploiting vulnerabilities in unpatched internet-facing servers. They have been linked to attacks exploiting security flaws in various servers and have expanded their victimology to target retail, healthcare, energy, financial, and high-tech organizations in North America, Northern Europe, and Western Asia.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.