Take a look at this week's Cyber Weekly Digest for a rundown of the biggest cyber security news, including the latest actively exploited zero-day vulnerabilities patched by Microsoft and Apple. Keep reading to stay up to date on the latest cyber security stories.
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS) driver that was being actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. The fix shipped as part of this month's Patch Tuesday, which also addressed 96 other security vulnerabilities. CVE-2023-28252 affects all supported Windows server and client versions and can be exploited in low-complexity attacks without user interaction by a local attacker, that is, one who already has the ability to run code on the host. Successful exploitation gives the attacker SYSTEM privileges and therefore full control of the targeted Windows system, which is why it is being chained with a ransomware payload rather than used for initial access. The Nokoyawa ransomware first appeared in February 2022 and is known for targeting 64-bit Windows systems in double extortion attacks, in which data is stolen before it is encrypted.
This week Yum! Brands has been sending breach notification letters to individuals affected by a ransomware incident that occurred in January. Yum! Brands owns chains such as KFC, Taco Bell and Pizza Hut. In January the group suffered a ransomware attack that forced around 300 of its restaurants in the UK to close temporarily. Since then, Yum! Brands has issued data breach notifications to an unknown number of employees and is providing complimentary credit monitoring and identity protection for two years to those affected. The group states that although the attack compromised some data, no customer information was involved.
Apple has released emergency updates that backport the fixes for two actively exploited zero-day flaws to older iPhones, iPads, and Macs. The first (CVE-2023-28206) is an out-of-bounds write in IOSurfaceAccelerator that lets a maliciously crafted app execute arbitrary code with kernel privileges on the targeted device. The second (CVE-2023-28205) is a use-after-free in WebKit that allows threat actors to execute malicious code on a victim's iPhone, iPad, or Mac once the target has been tricked into loading a malicious web page. Because a WebKit bug provides code execution in the browser and the IOSurfaceAccelerator bug provides a path to the kernel, the two are a natural exploit chain, which is why both should be treated as urgent. The newly covered devices include the iPhone 6s, iPhone 7 and iPhone SE (1st generation), the iPad Air 2 and iPad mini (4th generation), the iPod touch (7th generation), and Macs running macOS Monterey and Big Sur.
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. In recent attacks the group has targeted the automotive, academic, and defence sectors in Eastern Europe and elsewhere, whereas it had previously concentrated on the cryptocurrency sector. Alongside the change in targeting, Lazarus has switched tactics to deliver its malicious routine through a trojanized version of a legitimate PDF reader application, SumatraPDF Reader, a reminder that software fetched from anywhere other than the vendor's own channel should have its hash or signature verified before it is run. Lazarus is also believed to be behind the recent supply chain attack on VoIP communications company 3CX.
Belgian HR and payroll giant SD Worx has suffered a cyberattack that forced it to shut down all IT systems for its UK and Ireland services. SD Worx is a European HR and payroll management company based in Belgium that serves 5.2 million employees across more than 82,000 companies. This week SD Worx notified customers that its UK and Ireland divisions had suffered a cyberattack and that it had shut down the affected IT systems to contain it. Given the volume of sensitive personal data a payroll provider holds, there are concerns that clients' employee data may have been compromised, although SD Worx has not released details about the attack.