
New Apple iMessage exploit and CISA’s Apache RocketMQ warning

September 11, 2023 by Dan Virgillito

Hackers exploit zero-click vulnerability in iMessage to infect iPhones with spyware, CISA warns federal agencies of critical Apache RocketMQ bug and the Pandora Android TV box trojan. Catch all this and more in this week’s edition of Cybersecurity Weekly.


1. New zero-click iMessage flaw enables hackers to distribute spyware on iPhones

Citizen Lab recently revealed that the zero-days patched by Apple enabled a dangerous zero-click exploit named BLASTPASS. The exploit lets hackers silently load NSO Group's Pegasus spyware onto fully updated iPhones using malicious iMessage attachments, and it works even against devices running the latest iOS 16.6. Citizen Lab advises Apple users to update their software immediately and recommends Lockdown Mode for high-risk users.

Read more »

2. CISA urges federal agencies to patch critical vulnerability affecting Apache RocketMQ

CISA has urged federal agencies to address a critical vulnerability in Apache's RocketMQ, known as CVE-2023-33246, by September 27. The agency reports that the DreamBus botnet and other attackers are exploiting this flaw to install unauthorized payloads, including a Monero cryptocurrency miner. If patching by the deadline isn't possible, CISA advises agencies to discontinue using RocketMQ. Given that exploitation has occurred since at least June, immediate action is crucial. 

Read more »

3. New Mirai malware botnet exploits Android TV boxes to conduct cyberattacks

Doctor Web reports that a Mirai botnet variant named Pandora is compromising inexpensive Android-based TV boxes and sets to conduct DDoS attacks. The infection likely happens during malicious firmware updates or through apps for streaming pirated content, mainly targeting Spanish-speaking users. Affected apps include Tele Latino, YouCine TV, Latino VOD and UniTV. Once installed, these apps launch a service that sets up Pandora, which then contacts a remote server for instructions to execute DDoS attacks. The primary targets are cheap Android TV boxes, whose processors are well suited to launching these attacks.

Read more »

4. Microsoft reveals how hackers stole signing key from Windows crash dump

Microsoft on Wednesday disclosed that Chinese threat group Storm-0558 accessed 25 U.S. organizations' email accounts by exploiting a software flaw. The group took a cryptographic key from a crash dump to forge enterprise email tokens. The leak occurred due to a software error, and Microsoft suspects a compromised engineer's account enabled the attack. The company has since fixed the vulnerabilities and strengthened its detection systems.

Read more »
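The Storm-0558 item above turns on a single failure: key material that should never have been in a crash dump ended up in one, and the dump then left the secured environment. One defensive control is to scan crash dumps and similar debug artifacts for secret material before they are exported. The following is an added example, not code from the original article or from Microsoft; the sample dump bytes, the `find_secret_candidates` helper and the placeholder key text are all constructed for illustration. It looks for PEM private-key blocks and, more generally, for long high-entropy base64-looking runs that often indicate raw key or token material.

```python
import math
import re

# Constructed sample "crash dump": harmless diagnostic text plus an embedded
# PEM private-key block. The key body below is a made-up placeholder, not a
# real key.
SAMPLE_DUMP = (
    b"thread 0x1a2b stack: 0x7ffd module app.dll\n"
    b"config: log_level=info region=us-east\n"
    b"-----BEGIN PRIVATE KEY-----\n"
    b"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7PLACEHOLDER0123\n"
    b"-----END PRIVATE KEY-----\n"
    b"heap region 0x00400000-0x00410000 committed\n"
)

# Constructed clean dump with no secret material at all.
CLEAN_DUMP = (
    b"thread 0x1a2b stack: 0x7ffd module app.dll\n"
    b"config: log_level=info region=us-east\n"
)

# Matches any PEM-framed private key block (RSA, EC, DSA, OpenSSH, PKCS#8).
PEM_KEY_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
    rb".*?-----END (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----",
    re.DOTALL,
)

# Long runs of base64 alphabet characters: candidate raw keys or tokens.
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/=]{40,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_secret_candidates(dump: bytes, entropy_threshold: float = 4.0) -> list:
    """Return (kind, start, end) tuples for every suspected secret in the dump.

    PEM private-key blocks are always reported. Base64-looking runs outside
    those blocks are reported only when their entropy is at or above the
    threshold, so repetitive padding or filler text is not flagged.
    """
    findings = []
    for m in PEM_KEY_RE.finditer(dump):
        findings.append(("pem_private_key", m.start(), m.end()))
    pem_spans = [(s, e) for kind, s, e in findings if kind == "pem_private_key"]

    for m in B64_RUN_RE.finditer(dump):
        # Skip runs that sit inside an already-reported PEM block.
        if any(s <= m.start() < e for s, e in pem_spans):
            continue
        if shannon_entropy(m.group(0)) >= entropy_threshold:
            findings.append(("high_entropy_blob", m.start(), m.end()))
    return findings


def dump_is_safe_to_export(dump: bytes) -> bool:
    """True only when no secret candidates were found in the dump."""
    return not find_secret_candidates(dump)


if __name__ == "__main__":
    for kind, start, end in find_secret_candidates(SAMPLE_DUMP):
        print(f"{kind} at bytes {start}-{end}")
    print("safe to export:", dump_is_safe_to_export(SAMPLE_DUMP))
```

In practice this kind of check sits in the pipeline that moves dumps from the production environment into the debugging environment, and a hit blocks the transfer rather than merely logging it. The entropy threshold is a tuning knob: 4.0 bits per byte is a reasonable starting point for base64 material, but it should be validated against a corpus of known-clean dumps to keep false positives manageable.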

5. New Mac malvertising campaign spreads updated AMOS malware

Malwarebytes has uncovered a slick malvertising campaign that distributes an updated Atomic Stealer (aka AMOS) malware on Mac computers. When users search for popular software, they encounter bogus Google Ads that redirect them to rogue installers. Once installed, the malware prompts for passwords and proceeds to raid iCloud and browser data. This development emphasizes the growing risk of malware attacks on macOS systems.

Read more »


Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.