Take a look at the latest Cyber Weekly Digest for a rundown of our top cyber security news. This week we explore the latest zero-day vulnerabilities patched by Apple as well as the threat actors that were able to breach the Ukrainian government email servers. Keep reading to stay up to date on the biggest cyber security news.
Apple on Wednesday released updates for iOS, iPadOS, macOS, watchOS, and Safari to address vulnerabilities that are being actively exploited in the wild. These include two zero-days weaponised in a mobile surveillance campaign called Operation Triangulation, which has been active since 2019. The threat actor behind the campaign is not known. The first, CVE-2023-32434, is an integer overflow vulnerability in the kernel that a malicious app could exploit to execute arbitrary code with kernel privileges. The second, CVE-2023-32435, is a memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
UPS has been alerting Canadian customers that some personal information might have been exposed via its online package look-up tools and abused in phishing attacks. Upon investigating, UPS found that the attackers behind this ongoing SMS phishing campaign had been using its package look-up tools to access delivery details, including recipients' personal contact information, between February 2022 and April 2023. The company has now implemented measures designed to restrict access to this sensitive data in order to thwart these convincing phishing attempts.
More than 100,000 compromised accounts for OpenAI's ChatGPT have been found on illicit dark web marketplaces. Researchers discovered the information during dark web scanning and stated that the compromised credentials were found within the logs of the Raccoon information-stealing malware and traded on underground platforms over the past year. The number of available logs containing compromised ChatGPT accounts peaked at 26,802 in May 2023. Attackers could use the stolen credentials to obtain sensitive information, as ChatGPT retains all conversations within an account.
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. The AX1800 is a popular Linux-based dual-band (2.4GHz + 5GHz) Wi-Fi 6 router used primarily by home users, small offices, shops, cafes, etc. Condi aims to enlist new devices into a powerful DDoS (distributed denial of service) botnet that can be rented to launch attacks on websites and services. According to researchers, Condi targets CVE-2023-1389, a high-severity unauthenticated command injection and remote code execution flaw in the API of the router's web management interface.
A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organisations, including government entities. The threat actors leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails that exploited Roundcube Webmail vulnerabilities to compromise unpatched servers. After breaching the email servers, the Russian military intelligence hackers deployed malicious scripts that redirected the incoming emails of targeted individuals to an email address under the attackers' control.