In our first Cyber Weekly Digest of October we dive into the latest zero-day vulnerability patch from Apple, as well as details from a ransomware report showing that ransomware victim name leaks are at an all-time high. Keep reading to stay up to date on the biggest cyber security news of the week.
Earlier this week, Apple released emergency security updates to patch a new zero-day flaw exploited in attacks against iPhone and iPad users. The zero-day (CVE-2023-42824) is a weakness in the XNU kernel that lets a local attacker escalate privileges on unpatched devices. The vulnerability affects a large number of devices, including iPhone XS and later. CVE-2023-42824 is the 17th zero-day exploited in attacks that Apple has fixed since the start of the year.
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally into a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application in the target's environment, which gave them access to, and elevated permissions on, a Microsoft SQL Server instance deployed on an Azure virtual machine. They then used those permissions to try to move laterally to other cloud resources by abusing the server's cloud identity, which can carry elevated permissions of its own and so would enable a range of malicious activity. However, Microsoft said it found no evidence that the attackers successfully reached cloud resources using this technique.
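The entry point in the campaign above was SQL injection in an application. The following is an added example, not code from Microsoft's report or from the affected application, showing the vulnerable pattern (building a query by string concatenation) beside the hardened parameterised form, run against a constructed in-memory SQLite table so it executes offline. The table, users and payloads are all made up for the demonstration.

```python
import sqlite3

# Constructed sample schema and rows for the demonstration (not from any real system).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
INSERT INTO users VALUES (1, 'admin', 'S3cret!',    'sysadmin');
INSERT INTO users VALUES (2, 'alice', 'wonderland', 'reader');
INSERT INTO users VALUES (3, 'bob',   'builder',    'reader');
"""


def make_db():
    """Return a fresh in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text, so a quote and a
    comment marker let the attacker rewrite the WHERE clause."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened: placeholders are bound by the driver, so the same payload is
    compared as a literal string and matches nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # "admin' --" closes the string and comments out the password check.
    print(login_vulnerable(db, "admin' --", "wrong"))        # admin row, no password needed
    print(login_vulnerable(db, "' OR 1=1 --", "x"))          # every row
    print(login_parameterized(db, "admin' --", "wrong"))     # []
    print(login_parameterized(db, "admin", "S3cret!"))       # genuine login only
```

Parameterisation closes the injection, but the campaign also shows why the database login the application uses matters: whatever an injected query can do is bounded by that login's permissions, so an application account that holds elevated rights on the server turns an injection into a foothold for the lateral movement described above.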
Researchers have revealed that the number of victims named on ransomware leak sites hit an all-time high in the four months from March to June 2023. According to the researchers, 2023 is on course to be the biggest year on record for victim name leaks. The report also noted that one-off mass exploitations of specific vulnerabilities were the main driver of the record numbers of named victims, and it expected the 10,000th victim name to be posted to a leak site in late summer 2023.
Lyca Mobile has released a statement about an unexpected disruption to its network caused by a cyberattack that may also have compromised customer data. The attack occurred over the weekend and interrupted service in all but four countries. In the statement, Lyca said there may have been unauthorised access to its databases, although this is not yet confirmed. Most of Lyca's services are back up and running, although restoration continues.
Security researchers have discovered another malware-as-a-service offering, BunnyLoader, that is being advertised for sale on the cybercrime underground. BunnyLoader can download and execute a second-stage payload, steal browser credentials and system information, and more. Its other capabilities include running remote commands on the infected machine, a keylogger that captures keystrokes, and a clipper that monitors the victim's clipboard and replaces content matching cryptocurrency wallet addresses with attacker-controlled addresses. BunnyLoader is being sold for $250 for a lifetime license.
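The clipper behaviour described above has a simple observable signature: one wallet address on the clipboard is replaced by a different address of the same type almost immediately, with no user action in between. The following is an added example, not BunnyLoader code or anything from the research it summarises, showing a detection heuristic over a polled clipboard history. The address patterns are simplified for illustration, and the clipboard snapshots and wallet addresses are constructed placeholders, not real wallets.

```python
import re
from datetime import datetime, timedelta

# Simplified address shapes for illustration only (assumed patterns, not a full validator):
# Bitcoin legacy/bech32 and Ethereum.
WALLET_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def wallet_type(text):
    """Return the address family the text looks like, or None."""
    text = text.strip()
    for name, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


def detect_clipper_swaps(snapshots, max_gap=timedelta(seconds=2)):
    """snapshots: list of (timestamp, clipboard_text) collected by polling the clipboard.

    Flags a suspected clipper swap when consecutive snapshots hold two different
    addresses of the same family and the change happened within max_gap; a user
    copying a second address by hand normally takes much longer than that."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind_before, kind_after = wallet_type(before), wallet_type(after)
        if kind_before and kind_before == kind_after and before != after and (t1 - t0) <= max_gap:
            alerts.append({
                "when": t1,
                "type": kind_before,
                "original": before.strip(),
                "replaced_with": after.strip(),
            })
    return alerts


# Constructed placeholder addresses and clipboard history (not real wallets).
BTC_USER = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
BTC_ATTACKER = "1Kx9yMvJ8aR4nQp2WtZ7cLbD3eFgH5sT6u"
ETH_A = "0x1234567890abcdef1234567890abcdef12345678"
ETH_B = "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd"

T0 = datetime(2023, 10, 6, 12, 0, 0)
SNAPSHOTS = [
    (T0, "meeting notes"),
    (T0 + timedelta(seconds=5), BTC_USER),                        # user copies their address
    (T0 + timedelta(seconds=5, milliseconds=400), BTC_ATTACKER),  # swapped 400 ms later
    (T0 + timedelta(seconds=40), ETH_A),                          # user copies an ETH address
    (T0 + timedelta(seconds=70), ETH_B),                          # a different one 30 s later: benign
]


def run_demo():
    return detect_clipper_swaps(SNAPSHOTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The heuristic only sees what a poll loop sees: a clipper that swaps the value faster than the polling interval leaves a single snapshot and is missed, which is why a production check would hook clipboard change notifications rather than poll. The end-user control is simpler still: compare the pasted address against the one you intended to send to before confirming a transfer.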