Take a look at this week's Cyber Weekly Digest and stay up to date on the latest cyber security news. This week read about the REvil ransomware operation's Tor site which came back online and the online card retailer which has had to suspend all online orders following a cyber attack.
This week researchers informed officials that suspected Pegasus spyware had targeted Downing Street and Foreign Office systems. Pegasus is sold by NSO Group to governments to carry out surveillance by infecting phones with malicious software. NSO has denied the allegations and stated that Pegasus is only sold for law enforcement purposes. Researchers say they have identified a number of official phones in the UK which are suspected to have been targeted.
Funky Pigeon, the online card and gift retailer, has announced that it has taken its systems offline as a precaution following a recent cyber attack, meaning all orders have been suspended. The company has confirmed that it launched a forensic investigation as soon as it discovered the security incident, to determine whether any personal data had been accessed. There are limited details on the attack; however, security researchers are warning customers to watch out for phishing attacks over the next few months, since stolen customer details are commonly reused for targeted phishing.
Amazon Web Services (AWS) has fixed four security issues in the hot patch it released in December to address the critical Log4Shell vulnerability. The hot patch targeted cloud and on-premise hosts running Java applications, including containers, with a vulnerable version of the Log4j logging library. All four vulnerabilities have been assessed as high severity with a CVSS score of 8.8 out of 10; the flaws in the patching service could allow a container or unprivileged process to escape its sandbox and gain elevated privileges on the host. Security researchers identified the issues six days after the hotfix was released and informed Amazon in December.
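The hot patch existed because so many hosts were still running vulnerable log4j-core builds; the first step in any Log4Shell clean-up is knowing which JARs are on disk. The following scanner is an added example written for this digest, not code from AWS or from the Log4j project. It walks a directory tree, reads the Implementation-Version from each log4j-core JAR's manifest, compares it with the fixed release on that branch (2.17.1, 2.12.4 and 2.3.2 are the real fixed versions; the assumption that every other 2.x branch predates the fixes is the scanner's own), and also checks whether the JndiLookup class has been stripped out, which was the widely used interim mitigation. The sample JARs are constructed in a temporary directory so the script runs offline.

```python
import os
import re
import tempfile
import zipfile

# Presence of this class is what the interim "remove JndiLookup" mitigation targets.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# First release on each maintained 2.x branch that addresses CVE-2021-44228 and
# the follow-up CVEs. Assumption (ours): a 2.x branch not listed here predates the fixes.
FIXED_BY_BRANCH = {17: (2, 17, 1), 12: (2, 12, 4), 3: (2, 3, 2)}


def parse_version(text):
    """Return (major, minor, patch) from a string such as '2.14.1', or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_is_vulnerable(version):
    """True if this log4j-core version predates the Log4Shell fix on its branch."""
    major, minor, _ = version
    if major != 2:
        return False  # Log4j 1.x has no JNDI lookup code path
    if minor >= 17:
        return version < FIXED_BY_BRANCH[17]
    fixed = FIXED_BY_BRANCH.get(minor)
    return True if fixed is None else version < fixed


def inspect_jar(path):
    """Read the manifest version and check for the JndiLookup class in one JAR."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Implementation-Version:"):
                    version = parse_version(line.split(":", 1)[1])
        has_lookup = JNDI_LOOKUP in names
    old = version is not None and version_is_vulnerable(version)
    return {
        "path": path,
        "version": version,
        "jndi_lookup_present": has_lookup,
        "needs_remediation": old and has_lookup,        # old build, lookup still there
        "old_version_lookup_removed": old and not has_lookup,  # mitigated, still upgrade
    }


def scan_tree(root):
    """Inspect every log4j-core*.jar under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                findings.append(inspect_jar(os.path.join(dirpath, name)))
    return findings


def make_sample_jar(directory, version, include_lookup=True):
    """Constructed sample: a minimal JAR with a manifest and an optional lookup class."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, f"log4j-core-{version}.jar")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        if include_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return path


def demo():
    """Build three constructed JARs, scan them and summarise by version string."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_jar(os.path.join(tmp, "legacy"), "2.14.1", include_lookup=True)
        make_sample_jar(os.path.join(tmp, "patched"), "2.17.1", include_lookup=True)
        make_sample_jar(os.path.join(tmp, "mitigated"), "2.13.3", include_lookup=False)
        findings = scan_tree(tmp)
    label = lambda f: ".".join(map(str, f["version"]))
    return {
        "needs_remediation": sorted(label(f) for f in findings if f["needs_remediation"]),
        "lookup_removed": sorted(label(f) for f in findings if f["old_version_lookup_removed"]),
        "fixed": sorted(label(f) for f in findings if not version_is_vulnerable(f["version"])),
    }


if __name__ == "__main__":
    print(demo())
```

Note that a JAR whose JndiLookup class has been removed is reported separately rather than as clean: the lookup removal blocks the JNDI path but the host still needs the real upgrade, and a hot patch that rewrites the running JVM, as the AWS one did, leaves the JAR on disk unchanged, so a disk scan is what tells you what will come back after a restart.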
Google Project Zero called 2021 a "record year for in-the-wild zero-days," with 58 security vulnerabilities detected and disclosed as exploited in the wild during the year. That is more than double the 25 in-the-wild zero-days detected in 2020. Of the 58 observed in 2021, 39 were memory corruption vulnerabilities and 17 originated from Chromium.
The REvil ransomware operation's servers on the Tor network are back up following months of inactivity and now redirect to a new operation. In mid-January, Russia announced that it had shut down REvil after identifying all members of the gang and arresting 14 individuals. However, this week researchers discovered that REvil's leak site was being promoted on the RuTOR forum marketplace. The new site is hosted on a different domain but leads to the original one REvil used. The site lists 26 pages of victims, most of them from old REvil attacks; however, the last two appear to be related to the new operation.