Cyber Weekly Digest - Week #38

This week's Cyber Weekly Digest features the latest zero-day vulnerabilities patched by both Apple and Microsoft and a ransomware attack on a world-leading medical tech company. Keep reading to stay up to date with the latest cyber security stories from across the world.

1. Microsoft patched an actively exploited Windows zero-day vulnerability.

In this month's Microsoft Patch Tuesday, Microsoft rolled out an update to patch the actively exploited zero-day in its MSHTML Platform, which came to light last week. The 8.8 rated flaw is a remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws, so the exploitation is perfectly reliable." Also, in this month's Patch Tuesday, Microsoft addressed a publicly disclosed, but not actively exploited, a zero-day flaw in Windows DNS.

2. BlackMatter ransomware hits medical technology giant Olympus.

Olympus, a leading medical technology company, is investigating a ransomware attack this week which affected its EMEA IT systems. Olympus has been working to discover the extent of the damage caused by the ransomware attack but believes that customer security and service was not affected by the incident. The ransom notes point to a Tor website which the BlackMatter gang has previously used to communicate with victims. BlackMatter is believed to be the rebrand of the DarkSide ransomware gang.

3. Apple issued an urgent update to fix a new zero-day linked to Pegasus Spyware.

On Monday, Apple released a security update that fixes at least one vulnerability that may have been actively exploited. The zero-day exploit, known as ForcedEntry, was allegedly used to spy on Bahraini activists illegally with NSO Group's Pegasus Spyware. Researchers are urging Apple users to update their devices immediately. So far, Apple has patched over ten zero-day vulnerabilities used in targeted attacks against iOS and Mac devices this year.

4. Three former U.S. intelligence officers admit to hacking for UAE company.