Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. (The Hacker News)
“There have been more than ten zero-day vulnerabilities patched and announced by Apple since the beginning of 2022. The discovery of vulnerabilities like these illustrates the need for patch management as one layer of a multi-layered cybersecurity strategy. Like a stack of Swiss cheese slices, each layer has some holes, but, by recognizing the holes exist, we can ensure sufficient layers are applied and configured so that no holes line up to allow a breach.” – Kris Brochhausen, SOC Deputy Director at Ingalls Information Security
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.
The previously unknown cluster of activity was first discovered by Proofpoint in October 2022, with the security firm reporting that it continued into 2023.
The threat actor appears to have financial motivations, performing a preliminary evaluation of breached systems to determine if the target is valuable enough for further intrusion. (BleepingComputer)
The United States, in coordination with the United Kingdom, is designating seven individuals who are part of the Russia-based cybercrime gang Trickbot. This action represents the very first sanctions of their kind for the U.K. and results from a collaborative partnership between the U.S. Department of the Treasury’s Office of Foreign Assets Control and the U.K.’s Foreign, Commonwealth, and Development Office; National Crime Agency; and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware. (U.S. Department of the Treasury)
Reddit has confirmed it recently suffered what seems to have been a fairly significant cyberattack that saw attackers make off with sensitive company data.
In a security notice, Reddit described the incident as a “sophisticated and highly-targeted phishing attack”. (TechRadar)
The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.
The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to Internet access. (BleepingComputer)