Cybersecurity Weekly: Safari zero-day, Windows printer vulnerability, iPhone hack
A Safari zero-day was used in a malicious LinkedIn campaign. A researcher finds another unpatched Windows printer spooler vulnerability. A low-risk iOS Wi-Fi naming bug can hack iPhones remotely. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Safari zero-day used in malicious LinkedIn campaign
Threat actors exploited a Safari zero-day flaw through malicious links sent to government officials in Western Europe via LinkedIn, before researchers from Google discovered and reported the vulnerability. The flaw allowed maliciously crafted web content, when processed, to achieve universal cross-site scripting.
2. Researcher finds another unpatched Windows printer spooler vulnerability
Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, another zero-day flaw in the same component emerged, making it the fourth printer-related flaw to be discovered in recent weeks. The flaw allows a threat actor to execute arbitrary code with SYSTEM privileges.
3. Low-risk iOS Wi-Fi naming bug can hack iPhones remotely
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality also had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability stemmed from the way iOS handled format strings in SSID input.
4. New phishing campaign targets individuals of interest to Iran
So far, the campaign has affected individuals at fewer than 10 organizations. But as with all attacks by TA453, the group behind it, this one is also narrowly focused and designed to steal data from official email inboxes belonging to persons of likely interest to the Iranian government. Researchers also observed the attackers attempting to gain access to personal email inboxes.
5. Ransomware attacks targeting unpatched EOL SonicWall VPN appliances
SonicWall alerted customers of an imminent ransomware campaign targeting its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware. The warning comes one month after remote access vulnerabilities in SonicWall SRA 4600s were exploited as an initial access vector for ransomware.
6. REvil ransomware gang disappears after high-profile attacks
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks, including those targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculation that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites remained inaccessible, displaying an error message that the site was not found.
7. Software maker removes backdoor giving root access to radio devices
The author of a popular software-defined radio project removed a backdoor from radio devices that granted root-level access. According to the project’s author, the backdoor was present in all versions of KiwiSDR devices for the purposes of remote administration and debugging.
8. Cyberspies targeting Southeast Asian government entities
A sweeping and highly active campaign that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. The attacks aim at a broad set of targets in order to reach a select few that are of strategic interest.
9. Updated Joker malware floods into Android apps
The Joker mobile trojan is back on Google Play, with an uptick in malicious Android applications that hide the billing-fraud malware. It’s also using new approaches to skirt past Google’s app-vetting process. In the latest wave, at least 1,000 new samples were detected just since September.
10. 16-year-old security bug affects millions of HP, Samsung, Xerox printers
Details recently emerged about a high-severity security vulnerability affecting a software driver used in HP, Xerox and Samsung printers that has remained undetected since 2005. The issue concerns a buffer overflow in a print driver installer package named SSPORT.SYS that can enable privilege escalation and arbitrary code execution.