  • Kathleen Maxted

Cyber Weekly Digest - 2022 Week #20

Take a look at this week’s Cyber Weekly Digest to stay up to date on the latest cyber security news including a ransomware gang threatening to overthrow the Costa Rica government and another Apple zero-day patch.

The Conti ransomware gang has threatened to "overthrow" the new government of Costa Rica following the cyber attacks last month. The group posted on its official website that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," along with claims that "We have our insiders in your government. We are also working on gaining access to your other systems, you have no other options but to pay us." To increase the pressure on Costa Rica, Conti also raised its ransom demand to $20 million in return for a decryption key to unlock the affected systems, threatening to delete the decryption keys within a week if it is not paid.

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. The flaw is an out-of-bounds write issue (CVE-2022-22675) in AppleAVD, a kernel extension for audio and video decoding, that allows apps to execute arbitrary code with kernel privileges. The list of impacted devices includes Apple Watch Series 3 or later, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.

Security researchers have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. BLE is used in a wide range of products, from building access control systems to cars such as the Tesla Model 3 and Model Y. While technical details of this new BLE relay attack have not been published, the researchers say they tested the method on a 2020 Tesla Model 3 using an iPhone 13 mini running version 4.6.1-891 of the Tesla app. Tesla owners are encouraged to enable the ‘PIN to Drive’ feature, so that even if their car is unlocked, the attacker at least cannot drive away with it.

Researchers have discovered that more than 380,000 Kubernetes API servers allow some kind of access from the public internet, making them easy targets for attackers. While this does not mean these servers are fully open or vulnerable to attack, it does create a scenario in which they have an “unnecessarily exposed attack surface”. Researchers recommend that if administrators find a Kubernetes instance in their environment is accessible from the internet, they should consider implementing authorization for access or blocking it at the firewall level to reduce the exposed attack surface.
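The recommendation above is easy to verify against your own cluster. The script below is an added example, not part of the digest or of any Kubernetes tooling: it sends a single unauthenticated GET to the API server's `/version` endpoint and classifies the answer. kube-apiserver's default `system:public-info-viewer` binding lets unauthenticated callers read `/version`, so a 200 means the server is reachable and accepts anonymous requests; a 401 is what you get once `--anonymous-auth=false` is set; no answer at all is what a correct firewall rule looks like from outside. The `API_SERVER` address is a constructed placeholder.

```python
"""Added example: audit one of your own Kubernetes API endpoints for anonymous
access. Not from the digest; API_SERVER is a constructed placeholder."""
import json
import ssl
import urllib.error
import urllib.request
from typing import Optional, Tuple

# Constructed placeholder; replace with the external address of your own API server.
API_SERVER = "https://k8s-api.example.invalid:6443"


def probe(base_url: str, path: str = "/version",
          timeout: float = 5.0) -> Tuple[Optional[int], str]:
    """Send a GET with no credentials and return (HTTP status, body).

    A status of None means no HTTP answer at all (connection refused, timeout,
    firewall drop), which for an internet-facing address is the desired state.
    Certificate verification is disabled only because API servers usually present
    a cluster-internal CA; we are reading a public status code, not sending secrets.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(base_url + path,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def classify(status: Optional[int], body: str) -> str:
    """Map a /version probe result to an exposure verdict.

    200: reachable and --anonymous-auth=true (the default), version leaked.
    401: anonymous requests rejected (--anonymous-auth=false).
    403: anonymous user accepted but RBAC denies this path.
    None: nothing answered, i.e. not exposed or blocked upstream.
    """
    if status is None:
        return "unreachable: not exposed or blocked upstream"
    if status == 200:
        try:
            version = json.loads(body).get("gitVersion", "?")
        except ValueError:
            version = "?"
        return f"anonymous access allowed (server version {version})"
    if status == 401:
        return "authentication required (anonymous auth disabled)"
    if status == 403:
        return "anonymous auth enabled but RBAC denies /version"
    return f"unexpected status {status}"


def audit(base_url: str) -> str:
    """Probe one API server address and return its verdict string."""
    return classify(*probe(base_url))


if __name__ == "__main__":
    print(audit(API_SERVER))
```

Run it from a network you do not trust (a phone hotspot, a cloud VM outside the cluster's VPC): the only acceptable result for an address that is not meant to be public is the "unreachable" verdict. A 200 or 403 tells you anonymous authentication is still on and the server is answering the internet, which is exactly the "unnecessarily exposed attack surface" the researchers describe.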

Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack last week. Nikkei Group Asia shut down the affected server and took other measures to minimise the impact immediately after first detecting the attack. Nikkei says it is currently investigating whether the attackers accessed any of the customer data that was likely stored on the impacted servers.
