At a glance.
- Apple patches actively exploited iOS 17 vulnerability.
- Qakbot's survival of a major takedown.
- BADBOX puts malware into the device supply chain.
- LoonyTunables and a privilege-escalation risk.
- Scattered Spider believed responsible for cyberattack against Clorox.
- Sony discloses information on its data breach.
- Secureworks on the state of the threat in 2023.
- Tightening control over the Russian information space.
- KillNet affiliate Anonymous Sudan interferes with streaming services.
- Improving cyber resilience, with private-sector support.
Apple patches actively exploited iOS 17 vulnerability.
Apple has patched two serious vulnerabilities affecting iOS and iPadOS (the fixes shipped in iOS 17.0.3 and iPadOS 17.0.3), SecurityWeek reports. Apple says one of the flaws, CVE-2023-42824, a privilege-escalation vulnerability in the kernel, “may have been actively exploited against versions of iOS before iOS 16.6.” It is a local bug: an attacker who already has code execution on the device could use it to elevate to kernel privileges. SecurityWeek notes that this is “the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices.”
The other flaw, CVE-2023-5217, is a heap buffer overflow in the VP8 encoder of the libvpx video codec library, which Apple lists under its WebRTC component; it could enable remote code execution via crafted web content. Because the bug lives in a shared library rather than in Apple's own code, every product that bundles libvpx was exposed until it shipped the fixed library. BleepingComputer writes, "The libvpx bug was previously patched by Google in the Chrome web browser and by Microsoft in its Edge, Teams, and Skype products."
Qakbot's survival of a major takedown.
The operators of Qakbot are back, Cisco Talos researchers report. They're distributing Ransom Knight ransomware in a campaign that began in early August and continues into the present, despite the FBI-led takedown of Qakbot's infrastructure. "Notably, this activity appeared to begin before the FBI seized Qakbot infrastructure in late August and has been ongoing since, indicating the law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their command and control (C2) servers." Qakbot's operators lost an important part of their infrastructure, but they remain at large, still control their spam delivery capability, and may well be working to reconstitute their operation.
BADBOX puts malware into the device supply chain.
Security firm HUMAN has disrupted “a key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices, sold to end users through major retailers originating from repackaging factories in China.” The campaign, “BADBOX,” uses the Triada malware “to steal personally identifiable information, establish residential proxy exit peers, steal one-time passwords, create fake messaging and email accounts, and other unique fraud schemes.” HUMAN worked with Google and Apple to disrupt the ad fraud portion of BADBOX, dubbed “PEACHPIT.” Additionally, the researchers “shared information about the facilities at which some BADBOX-infected devices were created with law enforcement, including information about the organizations and individual threat actors believed to be responsible for the PEACHPIT operation.” For more on BADBOX, see CyberWire Pro.