At a glance.
- Apple issues emergency patches.
- "Multiple nation-state actors" target the aerospace sector.
- DPRK targets security researchers.
- A new BEC phishing kit.
- Emerging patterns of fraud.
- SpaceX interrupted service to block a Ukrainian attack against Russian naval units last year.
- US and Ukrainian officials warn of heightened Russian offensive cyber activity.
- The International Criminal Court will prosecute cyber war crimes.
- Operation KleptoCapture extends to professional service providers.
- SINET 16 announced.
Apple issues emergency patches.
Yesterday Apple issued three emergency patches for a vulnerability that could be exploited to install spyware. The patches affect macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, and watchOS 9.6.2. "A maliciously crafted attachment may result in arbitrary code execution," the company said in its advisories. "Apple is aware of a report that this issue may have been actively exploited." The report of active exploitation came from the University of Toronto's Citizen Lab, which found evidence that NSO Group’s Pegasus spyware was being installed on vulnerable devices through a zero-click exploit the Lab calls "BLASTPASS." The attacks used PassKit attachments sent as iMessage images. These carried the malicious payload. The patches will protect users against BLASTPASS; so will enabling Apple's Lockdown Mode on the device.
Citizen Lab found BLASTPASS on the device used by "a Washington DC-based civil society organization with international offices." Both Apple and Citizen Lab characterize this threat as "mercenary spyware"; that is, it's spyware sold to a variety of actors, especially government security services, without having any essential political connections.