.png)
Stay up to date with all the latest cyber security news in the latest Cyber Weekly Digest. This week we dive into the latest Lapsus$ victim and the actively exploited zero-days patched by both Google and Apple.
This week IT and software consultancy firm Globant confirmed that they were breached by the Lapsus$ data extortion group, in which data consisting of administrator credentials and source code was leaked by the threat actors. Lapsus$ released a 70GB archive of data allegedly stolen from Globant, describing it as “some customers source code.”. In a screenshot posted by Lapsus$, some of the source code folders listed include, Abbott, apple-health-app, C-span, Fortune, Facebook, DHL, and Arcserve. Later this week, Lapsus$ published a set of credentials claiming to be for administrator access to various platforms used by Globant for developing, reviewing, and collaborating on customer code.
Google has updated its Stable channel for the desktop version of Google Chrome, to address a zero-day security vulnerability that is actively exploited in the wild. The vulnerability, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine which was first discovered March 23rd. The patch was issued on an emergency basis, due to the bug being actively exploited. The V8 JavaScript engine had a total of 16 zero-days patched last year and was a key target for threat actors.
This week security researchers discovered that threat actors are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites. When loaded, the JavaScript will force the visitor's browser to perform HTTP GET requests to each of the targeted sites. The websites targeted include Ukrainian government agencies, think tanks, recruitment sites for the International Legion of Defence of Ukraine, financial sites, and other pro-Ukrainian sites.
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that may have been exploited in the wild. The first flaw, tracked as CVE-2022-22675, the issue has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges. The second being an out-of-bounds read issue in the Intel Graphics Driver module that could enable a malicious actor to read kernel memory. Both the vulnerabilities were reported to Apple anonymously.
Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Shutterfly confirmed that the ransomware attach first occurred December 3rd 2021. Conti encrypted over 4,000 devices and 120 VMware ESXi servers belonging to Shutterfly in the attack. Since then, the Conti ransomware operation has released 7.02 GB of data they claim was stolen during the attack, including archives named for finance, legal, customer service, and payroll data.
