SAN MATEO, CA, April 3, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Cybercriminals are attempting to extort organizations by impersonating the ransomware gangs that hacked them
- North Korean hackers believed to be responsible for 3CX supply chain attack
- CISA adds five new bugs to its Known Exploited Vulnerabilities catalog
- Critical IBM Aspera Faspex file transfer bug exploited in the wild
- Researchers: fundamental wifi protocol flaw lets hackers hijack network traffic
- ChatGPT experiences data breach, shows chat data belonging to others
- WebKit zero-day flaw in older iPhones and iPads patched by Apple
- “MacStealer” malware targets Mac users via Telegram
- New phishing campaign spreads Emotet malware through fake tax forms
Cybercriminals are attempting to extort organizations by impersonating the ransomware gangs that hacked them
A fake ransomware gang looking to piggyback on the severity of the damage caused by others is targeting US organizations and threatening to release stolen data that, in fact, they do not have. The group, called Midnight Group, has been observed targeting companies since at least March 16, sending emails to ransomware victims and claiming to be the perpetrators. The authors of the emails use the names of well-known hacking outfits as well as whatever information they can gather about a victim organization to make it appear as though they are the ones behind the attack. Read more.
North Korean hackers believed to be responsible for 3CX supply chain attack
A supply chain attack has affected multiple versions of 3CX’s desktop app across both Windows and macOS platforms. The enterprise software communications manager has issued a statement in which it says it has enlisted Mandiant to review the incident and urges “customers of self-hosted and on-premise versions of the software to update to version 18.12.422.” The full scope of the attack is not yet known but current evidence implies “a compromise of 3CX’s software build pipeline to distribute Windows and macOS versions of the app package, or alternatively, the poisoning of an upstream dependency.” Cybersecurity firm CrowdStrike believes the attack came at the hands of Labyrinth Chollima, a subset of North Korean hacker gang Lazarus Group. Read more.
CISA adds five new bugs to its Known Exploited Vulnerabilities catalog
Two targeted spyware campaigns zeroing in on Android and iOS users have prompted CISA to add five of the exploits threat actors are using to its Known Exploited Vulnerabilities catalog: CVE-2021-30900, an Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability; CVE-2022-38181, an Arm Mali GPU Kernel Driver Use-After-Free Vulnerability; CVE-2023-0266, a Linux Kernel Use-After-Free Vulnerability; CVE-2022-3038, a Google Chrome Use-After-Free Vulnerability; and CVE-2022-22706, an Arm Mali GPU Kernel Driver Unspecified Vulnerability. Federal agencies have three weeks to patch the bugs, but CISA strongly encourages all organizations to do so, as these vulnerabilities have been widely exploited. Read more.
Critical IBM Aspera Faspex file transfer bug exploited in the wild
Researchers at Rapid7 have warned the public that a “critical bug in IBM’s popular Aspera Faspex file transfer stack that allows arbitrary code execution” is being actively exploited in the wild by cybercriminals and ransomware gangs. In spite of a patch fixing the issue being released in December of last year, out-of-date systems are widespread and remain highly vulnerable. The bug, garnering a severity rating of 9.8 out of 10, allows threat actors to “remotely deploy their own code onto any target system running Faspex.” Read more.
Researchers: fundamental wifi protocol flaw lets hackers hijack network traffic
A fundamental security flaw in the IEEE 802.11 wifi protocol standard has been uncovered by security researchers. When exploited, it allows threat actors to “trick access points into leaking network frames in plaintext form.” IEEE 802.11 includes power-saving features that let wifi devices buffer or queue frames traveling to sleeping devices. To take advantage of the newly found flaw, an attacker has to “spoof the MAC address of a device on the network and send power-saving frames to access points, forcing them to start queuing frames destined for the target. Then, the attacker transmits a wake-up frame to retrieve the frame stack.” Read more.
ChatGPT experiences data breach, shows chat data belonging to others
OpenAI has confirmed that its popular chatbot, ChatGPT, experienced a bug that resulted in users seeing chat data belonging to others. The flaw was caused by “ChatGPT’s use of Redis-py, an open source Redis client library” and was the result of a March 20 change made by OpenAI developers. OpenAI has disclosed that the exposed information includes the titles of active users’ chat history and payment-related information belonging to 1.2% of ChatGPT Plus subscribers. The company says the exposure took place over the course of 9 hours, has been fixed, and that it is “confident that there is no ongoing risk to users’ data.” Read more.
WebKit zero-day flaw in older iPhones and iPads patched by Apple
Older iPhone and iPad models have received a patch from Apple that fixes a zero-day flaw observed being exploited in the wild. The bug (CVE-2023-23529) is a “WebKit type confusion issue that the company fixed on newer iPhone and iPad devices on February 13, 2023.” After tricking victims into opening a malicious web page, threat actors have been able to use the flaw to launch code on targeted devices. Individuals who still use older model iPhones and iPads are strongly encouraged to update immediately. Read more.
“MacStealer” malware targets Mac users via Telegram
MacStealer is a new malware that is “designed to extract iCloud Keychain data, passwords and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave.” MacStealer is one of a number of recent malware variants that use Telegram as a command-and-control (C2) platform from which to exfiltrate a victim’s data. MacStealer is primarily targeting Apple machines “running macOS versions Catalina and later running on M1 and M2 CPUs.” Users are encouraged to keep their systems updated and never download mysterious or questionable files. Read more.
New phishing campaign spreads Emotet malware through fake tax forms
An email campaign has been discovered in which messages purporting to be from the IRS target US taxpayers. According to Malwarebytes, criminals have been sending “emails titled ‘IRS Tax Forms W-9,’ while impersonating an ‘Inspector’ from the Internal Revenue Service.” The emails contain a ZIP archive labeled “W-9 form.zip” that actually harbors a malicious Word document that has been “inflated to over 500MB to make it harder for security software to detect it as malicious.” Emotet campaigns regularly surge during holidays or other noteworthy seasons as criminals attempt to capitalize on whatever is trending. Read more.
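As an added example (not code from the original post, Malwarebytes, or NetworkTigers), the following Python check reads a ZIP archive's central directory and flags Office documents whose uncompressed size and compression ratio suggest the kind of padding described in the Emotet item above, without extracting anything. The archive contents, padding size and demo thresholds are constructed for the illustration; the real lure was padded past 500MB.

```python
import io
import zipfile

# Document extensions the Emotet lure carries inside the archive (assumed list).
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")


def inflated_entries(zip_bytes, min_size=100 * 1024 * 1024, min_ratio=50.0):
    """Return (name, uncompressed_size, ratio) for archive members that look
    padded: an Office document whose uncompressed size is at least min_size
    bytes and whose compression ratio is at least min_ratio. Only the central
    directory is consulted, so a padded member is never decompressed."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(OFFICE_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if info.file_size >= min_size and ratio >= min_ratio:
                hits.append((info.filename, info.file_size, round(ratio, 1)))
    return hits


# Constructed document body: OLE2 magic bytes followed by placeholder text.
SAMPLE_BODY = b"\xd0\xcf\x11\xe0 constructed body "


def build_sample_archive(pad_bytes=4 * 1024 * 1024):
    """Constructed stand-in for the lure archive: a tiny 'document' followed
    by a run of zero bytes (the padding), beside a harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("W-9 form.doc", SAMPLE_BODY + b"\x00" * pad_bytes)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    # The demo lowers the size threshold to 1 MiB so the 4 MiB sample triggers.
    for name, size, ratio in inflated_entries(sample, min_size=1024 * 1024):
        print(f"suspicious: {name} uncompressed={size} bytes ratio={ratio}x")
```

Zero-byte padding deflates at close to 1000:1, so a size threshold alone would also catch a legitimately large scan, while the ratio test separates padding from real content.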