In this week’s Cyber Weekly Digest, we take a look at the three ransomware strains which have had their decryption keys posted online, as well as the latest vulnerabilities to be patched by Microsoft and Apple. Keep reading to stay up to date on the biggest cyber security stories from the week.
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December. The data breach notification says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud environment before encrypting the data.
The February Microsoft Patch Tuesday sees just 51 vulnerabilities fixed, which is considerably low compared to the typical Patch Tuesday. On top of this, there are no “critical” fixes or active exploits this month. However, Microsoft addressed one zero-day this month: CVE-2022-21989, a Windows Kernel elevation-of-privilege vulnerability.
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. The zero-day patched today is tracked as CVE-2022-22620 and is a WebKit Use After Free issue that could lead to OS crashes and code execution on compromised devices. This is the third zero-day vulnerability patched by Apple so far in 2022.
On Wednesday, decryption keys for Maze, Egregor, and Sekhmet ransomware were posted online. The individual who posted to keys described themselves as the developer of the three ransomware strains. The developer claimed that they will never go back to ransomware and that they have destroyed all of their ransomware source code, along with posting a zip file containing the decryption keys and Maze gang’s malware source code.
The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. In 2016, the 119,756 bitcoins stolen during the attack were worth almost $78 million and are now valued at roughly $4.5 billion. Two individuals were also arrested in Manhattan for being involved in a conspiracy to launder the stolen cryptocurrency. Investigators claim that this is the largest cryptocurrency seizure ever made by the Department of Justice.