New Apple iMessage exploit and CISA’s Apache RocketMQ warning
Hackers exploit zero-click vulnerability in iMessage to infect iPhones with spyware, CISA warns federal agencies of critical Apache RocketMQ bug and the Pandora Android TV box trojan. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. New zero-click iMessage flaw enables hackers to distribute spyware on iPhones
Citizen Lab recently revealed that the zero-days patched by Apple enabled a dangerous zero-click exploit named BLASTPASS. The exploit lets hackers silently load NSO Group's Pegasus spyware onto fully updated iPhones using malicious iMessage attachments. Affecting even devices running the latest iOS 16.6, Citizen Lab advises Apple users to update their software immediately and recommends Lockdown Mode for high-risk users.
2. CISA urges federal agencies to patch critical vulnerability affecting Apache RocketMQ
CISA has urged federal agencies to address a critical vulnerability in Apache's RocketMQ, known as CVE-2023-33246, by September 27. The agency reports that the DreamBus botnet and other attackers are exploiting this flaw to install unauthorized payloads, including a Monero cryptocurrency miner. If patching by the deadline isn't possible, CISA advises agencies to discontinue using RocketMQ. Given that exploitation has occurred since at least June, immediate action is crucial.
3. New Mirai malware botnet exploits Android TV boxes to conduct cyberattacks
Doctor Web reports a Mirai botnet variant named Pandora is compromising inexpensive Android-based TV boxes and sets to conduct DDoS attacks. The infection likely happens during malicious firmware updates or through apps for streaming pirated content, mainly targeting Spanish-speaking users. Affected apps include Tele Latino, YouCine TV, Latino VOD and UniTV. Once installed, these apps launch a service that sets up Pandora, which then contacts a remote server to execute DDoS attacks. Primary targets include cheap Android TV boxes with processors ideal for launching these attacks.
4. Microsoft reveals how hackers stole signing key from Windows crash dump
Microsoft on Wednesday disclosed that Chinese threat group Storm-0558 accessed 25 U.S. organizations' email accounts by exploiting a software flaw. The group took a cryptographic key from a crash dump to forge enterprise email tokens. The leak occurred due to a software error, and Microsoft suspects a compromised engineer's account enabled the attack. The company has since fixed the vulnerabilities and strengthened its detection systems.
5. New Mac malvertising campaign spreads updated AMOS malware
Malwarebytes has uncovered a slick malvertising campaign that distributes an updated Atomic Stealer (aka. AMOS) malware on Mac computers. When users search for popular software, they encounter bogus Google Ads that redirect them to rogue installers. Once installed, the malware prompts for passwords and proceeds to raid iCloud and browser data. This alarming development emphasizes the growing risk of malware attacks on macOS systems.
Phishing simulations & training