At a glance.
- Chinese threat actor exploits Cisco zero-day.
- CocoaPods vulnerabilities affected millions of iOS and macOS apps.
- CDK Global says systems will be back online by Thursday.
Chinese threat actor exploits Cisco zero-day.
A China-aligned cyberespionage actor dubbed "Velvet Ant" exploited a zero-day vulnerability (CVE-2024-20399) affecting a wide range of Cisco Nexus devices, according to researchers at Sygnia. The flaw is a command injection vulnerability in the Cisco NX-OS Software CLI that can "allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device." Cisco has issued patches for the flaw.
Sygnia says Velvet Ant's "exploitation led to the execution of a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices."
CocoaPods vulnerabilities affected millions of iOS and macOS apps.
Researchers at EVA Information Security discovered a set of vulnerabilities affecting the open-source dependency manager CocoaPods that could allow a threat actor "to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications." The vulnerabilities have since been patched.
EVA explains, "A 2014 migration process left thousands of orphaned packages (where the original owner is unknown), many of which are still widely used in other libraries. Using a public API and an email address that was available in the CocoaPods source code, an attacker could claim ownership over any of these packages, which would then allow the attacker to replace the original source code with their own malicious code." Additionally, "An insecure email verification workflow could be exploited to run arbitrary code on the CocoaPods ‘Trunk’ server (manages the distribution and metadata of Podspecs), which would allow an attacker to manipulate or replace the packages being downloaded." Finally, "A separate vulnerability would allow an attacker to infiltrate the CocoaPods ‘Trunk’ server and perform a near-unlimited range of exploits."
CDK Global says systems will be back online by Thursday.
Car sales management software provider CDK Global expects all car dealerships to be back online by Thursday, July 4th, following a ransomware attack the company sustained on June 18th, BleepingComputer reports. A CDK spokesperson told BleepingComputer, "We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS). We anticipate all dealers' connections will be live by late Wednesday, July 3 or early morning Thursday, July 4."
BleepingComputer cites sources as saying the BlackSuit ransomware gang was responsible for the attack.