Tag Archive for: releases

CISA Releases Joint Advisory on Truebot Malware


The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have issued a joint advisory in response to a surge in cyber threats from Truebot malware variants. These threats are particularly targeted toward organizations in the United States and Canada. 

What is Truebot malware?

Truebot is a type of malicious software often used by cybercriminal groups like the CL0P Ransomware Gang to collect and steal sensitive information from their targets. New versions of this software are now being delivered through a remote code execution vulnerability in the Netwrix Auditor application (CVE-2022-31199), alongside the conventional method of phishing emails. Exploiting the Netwrix flaw gives the attackers a foothold on an exposed server, from which the malware can be deployed and spread further within the compromised network. 

What is Nuspire doing to address the emergence of Truebot malware?

Nuspire has reviewed the indicators of compromise listed in the advisory and is conducting threat hunts for them within client environments. 

How should I protect myself from Truebot malware?

Truebot is becoming a popular tool for ransomware groups, especially CL0P Ransomware. Organizations should review and implement the following recommendations: 

  1. Patch Netwrix Auditor: Upgrade Netwrix Auditor to version 10.5 or higher to mitigate the remote code execution vulnerability the threat actors exploit.
  2. Enhance Email Security: Strengthen your email security protocols to guard against phishing emails. This can include measures such as spam filters, warning messages for external emails and user education on spotting suspicious emails.
  3. Monitor for Indicators of Compromise (IOCs): Keep an eye out for the signs of Truebot malware, as detailed in the advisory. This can include unusual network traffic, unrecognized files or software, and unauthorized access to sensitive information.
  4. Respond and Report: If IOCs are detected, immediately follow the incident response measures provided in the advisory. Also, report the intrusion to CISA or the FBI to help them track and combat this threat.
  5. Use MITRE ATT&CK for Enterprise Framework: Utilize this framework to map…
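One way to act on recommendation 3, as an added example that is not part of the advisory or of Nuspire's tooling: a small Python sweep that takes an IOC list in the "defanged" form advisories publish (hxxp://, [.] and [:] so the indicators are not clickable), restores the indicators, and matches them against proxy log lines and file hashes. Every indicator and log line in the block is a constructed placeholder, not a real Truebot IOC, and the helper names (`refang`, `load_iocs`, `scan_log`, `check_hashes`) and the one-line-per-request log format are assumptions; paste the indicators from the advisory itself into `IOC_TEXT` and adapt the regexes to your own log format before using it.

```python
"""Sweep proxy log lines and file hashes against an advisory IOC list.

Added example, not code from the advisory. All indicators and log lines below
are CONSTRUCTED placeholders (the SHA-256 is the well-known hash of an empty
file); replace them with the indicators published in the advisory.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed IOC list written the way advisories defang indicators.
IOC_TEXT = """
# sha256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
# domains / urls
hxxp://bad-example[.]invalid/download.php
payload-host[.]example
# ipv4
198[.]51[.]100[.]23
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
IPV4_ANY_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Hostnames: one or more labels followed by an alphabetic TLD (so bare IPs do not match).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def refang(s: str) -> str:
    """Restore a defanged indicator (hxxp://, [.], [:]) to its real form."""
    s = re.sub(r"^hxxp", "http", s.strip(), flags=re.I)
    return s.replace("[.]", ".").replace("[:]", ":").replace("(.)", ".")


def load_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse an IOC list into typed sets; URLs are reduced to their host."""
    iocs: Dict[str, Set[str]] = {"sha256": set(), "domain": set(), "ip": set()}
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ind = refang(raw)
        if SHA256_RE.match(ind):
            iocs["sha256"].add(ind.lower())
        elif IPV4_RE.match(ind):
            iocs["ip"].add(ind)
        else:
            host = re.sub(r"^https?://", "", ind, flags=re.I).split("/")[0].split(":")[0]
            iocs["domain"].add(host.lower())
    return iocs


def _domain_candidates(host: str) -> Set[str]:
    """A host and each of its parent domains, so cdn.evil.example hits evil.example."""
    parts = host.split(".")
    return {".".join(parts[i:]) for i in range(len(parts) - 1)}


def scan_log(lines: Iterable[str], iocs: Dict[str, Set[str]]) -> List[Tuple[int, str, str]]:
    """Return (line_number, ioc_type, indicator) for every log line that touches an IOC."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        seen: Set[Tuple[str, str]] = set()
        for host in HOST_RE.findall(line):
            for cand in _domain_candidates(host.lower()):
                if cand in iocs["domain"] and ("domain", cand) not in seen:
                    seen.add(("domain", cand))
                    hits.append((n, "domain", cand))
        for ip in IPV4_ANY_RE.findall(line):
            if ip in iocs["ip"] and ("ip", ip) not in seen:
                seen.add(("ip", ip))
                hits.append((n, "ip", ip))
    return hits


def check_hashes(samples: Dict[str, bytes], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (name, sha256) for every in-memory sample whose hash is a known IOC."""
    found = []
    for name, data in samples.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in iocs["sha256"]:
            found.append((name, digest))
    return found


# Constructed proxy log: timestamp, client IP, method, target, status.
SAMPLE_LOG = [
    "2023-07-06T10:01:02Z 10.0.0.5 GET cdn.payload-host.example/update.bin 200",
    "2023-07-06T10:01:09Z 10.0.0.5 CONNECT 198.51.100.23:443 200",
    "2023-07-06T10:02:30Z 10.0.0.9 GET www.example.com/ 200",
]

if __name__ == "__main__":
    iocs = load_iocs(IOC_TEXT)
    for hit in scan_log(SAMPLE_LOG, iocs):
        print("log line %d matched %s IOC %s" % hit)
    for name, digest in check_hashes({"empty.bin": b"", "readme.txt": b"hello"}, iocs):
        print("file %s matches hash IOC %s" % (name, digest))
```

Two details matter in practice: indicators are matched on the host and its parent domains rather than on the raw URL, because most proxy logs record only the host, and the defanging is undone before matching, because a list pasted straight from an advisory otherwise silently matches nothing.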

Source…

Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari


Jun 22, 2023 | Ravie Lakshmanan | Vulnerability / Endpoint Security

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.

This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the activity is not known.

  • CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
  • CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

The iPhone maker said it’s aware that the two issues “may have been actively exploited against versions of iOS released before iOS 15.7,” crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them.

The advisory comes as the Russian cybersecurity vendor dissected the spyware implant used in the zero-click attack campaign targeting iOS devices via iMessages carrying an attachment embedded with an exploit for the kernel remote code execution (RCE) vulnerability.

The exploit code is also engineered to download additional components to obtain root privileges on the target device, after which the backdoor is deployed in memory and the initial iMessage is deleted to conceal the infection trail.

The sophisticated implant, called TriangleDB, operates solely in memory, leaving no traces of the activity after a device reboot. It also comes with diverse data collection and tracking capabilities.


This includes “interacting with the device’s file system (including file creation, modification, exfiltration, and removal), managing processes (listing and termination), extracting keychain items to gather victim credentials, and monitoring the victim’s geolocation, among others.”

In an attempt to complete the attack puzzle and gather its different moving parts, Kaspersky has released a utility called “triangle_check” that organizations can use to scan iOS device backups and hunt for any signs of…

Source…

Apple releases fixes for three zero-day exploits in Macs, iPhones


Apple released a slew of security updates on May 18, three of which are for zero-day vulnerabilities in a number of its popular devices.

Not much has been released about the vulnerabilities, but the advisory said that “Apple is aware of a report that this issue may have been actively exploited.”

The first bug, tracked as CVE-2023-32409, can allow a remote attacker to break out of the Web Content sandbox; the second vulnerability, CVE-2023-28204, may disclose sensitive information; while the third vulnerability, CVE-2023-32373, may lead to arbitrary code execution while processing maliciously crafted web content.

The security vulnerabilities were all found and addressed in WebKit for several models of iPhones (iOS 16.5, which runs on iPhone 8 and later), iPads (iPadOS 16.5, which runs on iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later), Macs (Ventura 13.4, Big Sur 11.7.7 and Monterey 12.6.6), Apple Watches (Series 4 and later) and Apple TV (tvOS 16.5), as well as Safari 16.5 for macOS Big Sur and Monterey. 

Also affected are all models running iOS 15.7.6 and iPadOS 15.7.6, which include iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod touch (7th generation).

There have been a number of zero-day vulnerabilities targeting Apple products recently, with the most recent patch coming in April for two zero-day vulnerabilities, which the Cybersecurity and Infrastructure Security Agency added to its Known Exploited Vulnerabilities (KEV) catalog.

The security community also learned in April of three more zero-click exploits targeting iOS devices from the notorious NSO Group, makers of the Pegasus spyware.

Source…

Apple releases emergency security updates to patch iPhone, iPad and Mac zero-day flaws


Apple has once again released emergency security updates to fix zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs in the wild.

In a security advisory released on Friday (April 7), the Cupertino-based company revealed that it “is aware of a report that this issue may have been actively exploited”. Unlike some recently disclosed zero-day flaws, the ones Apple has patched here had already been exploited by hackers in their attacks before the fix shipped.

Source…