Cyber Weekly Digest - Week #39


In this week’s Digest, we will dive into yet another Apple zero-day flaw, ransomware attacks on two US farming cooperatives as well as how the UK’s Ministry of Defence accidentally exposed the data of Afghan interpreters who had worked for the British Forces. Keep reading to stay up to date on the latest cyber security stories from across the world.


1. Two US farming cooperatives suffer ransomware attacks.

This week both Crystal Valley and New Cooperative suffered ransomware attacks which severely disrupted their daily business operations. BlackMatter ransomware is believed to be behind the New Cooperative attack and is demanding a £5.9 million ransom, which will rise to $11.8 million if it is not paid within five days. Later in the week, it was confirmed that a ransomware attack had also hit Crystal Valley; it is not yet known which ransomware operation is behind that attack. According to a New Cooperative spokesperson, the attack could significantly affect their supply to the public, and the impact “will likely be much worse than the pipeline attack”.


2. A newly discovered macOS zero-day bug lets attackers run commands remotely.

Earlier in the week, security researchers disclosed a new vulnerability in Apple’s macOS Finder that makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big Sur. The flaw stems from how macOS processes inetloc files, which causes it to run any commands embedded by an attacker without a warning or prompt. Apple had already issued a patch, but it only partially addresses the issue, as it can still be bypassed by changing the protocol used to execute the embedded commands. This flaw joins the growing list of Apple zero-day vulnerabilities disclosed this year.
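Because the partial patch was sidestepped by a different spelling of the protocol, a defensive check on inetloc files should look at the URL scheme in a normalised form rather than matching one literal string. The script below is an added example written for this digest, not code from Apple or from the researchers who reported the flaw. It assumes that an inetloc file is a property list whose URL is stored under a `URL` key, and the allowlist of schemes and the sample file contents are constructed for illustration.

```python
"""Defensive triage of .inetloc files: flag any whose embedded URL uses a
scheme outside a small allowlist, comparing schemes case-insensitively.
Added example for this digest; not Apple's or the researchers' code."""
import plistlib
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

# Schemes an internet-location shortcut is normally expected to carry.
# This allowlist is an assumption for the example, not an Apple policy.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}


def inetloc_url(data: bytes) -> Optional[str]:
    """Return the URL string stored in an .inetloc plist, or None if the
    file cannot be parsed or carries no string under the URL key."""
    try:
        plist = plistlib.loads(data)
    except (plistlib.InvalidFileException, ValueError, ExpatError):
        return None
    url = plist.get("URL") if isinstance(plist, dict) else None
    return url if isinstance(url, str) else None


def classify_inetloc(data: bytes) -> Tuple[str, Optional[str]]:
    """Classify one .inetloc payload as 'ok', 'suspicious' or 'unparseable'.

    The scheme is lower-cased before the allowlist lookup, so a spelling
    variant of a disallowed scheme cannot slip past a case-sensitive match."""
    url = inetloc_url(data)
    if url is None:
        return ("unparseable", None)
    scheme = urlsplit(url).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return ("ok", scheme)
    return ("suspicious", scheme)


def make_inetloc(url: str) -> bytes:
    """Build a minimal XML .inetloc plist around a URL (constructed sample data)."""
    return plistlib.dumps({"URL": url})


# Constructed samples: a normal web shortcut, a shortcut using an unexpected
# and oddly-cased scheme, and a file that is not a plist at all.
SAMPLES: Dict[str, bytes] = {
    "benign.inetloc": make_inetloc("https://example.com/"),
    "odd-scheme.inetloc": make_inetloc("CuStOm-ScHeMe://host/path"),
    "garbage.inetloc": b"not a plist at all",
}


def scan(samples: Dict[str, bytes]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Scan a mapping of file name -> contents and return a verdict per file."""
    return {name: classify_inetloc(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, scheme) in scan(SAMPLES).items():
        print(f"{name}: {verdict} (scheme={scheme})")
```

Files reported as `suspicious` or `unparseable` are candidates for quarantine or closer inspection rather than proof of an attack; the point of the check is that the verdict does not depend on how the scheme happens to be capitalised.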


3. Afghan interpreters’ data was accidentally exposed in MoD breach.

The UK’s Ministry of Defence has apologised after sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces. The impacted interpreters are seeking to be relocated to the UK, either from Afghanistan, where many are currently in hiding, or from another country they have already been relocated to. One of the email recipients commented that the mistake could have put the lives of individuals in Afghanistan at risk. The MoD has reportedly suspended an official and launched an investigation into the data breach.


4. A high-severity RCE flaw was disclosed in several Netgear router models.

The networking equipment company Netgear has released patches to remediate a high-severity RCE vulnerability affecting multiple routers, which remote attackers could exploit to take control of an affected system. The flaw has been allocated a CVSS score of 8.1. According to security researchers, the vulnerability resides within Circle, a third-party component included in the firmware that offers parental control features in Netgear devices. Circle has recommended that Netgear users ensure that they are using the latest firmware for their Netgear routers.


5. “FamousSparrow” APT group develops a custom backdoor to spy on hotels and governments.

The APT group “FamousSparrow” has been targeting hotels, governments and private organisations worldwide with a custom backdoor named “SparrowDoor”. According to researchers, the backdoor can carry out malicious activities such as renaming or deleting files, creating directories, shutting down processes, exfiltrating the contents of a specified file and establishing an interactive reverse shell. There is also a kill switch that removes the persistence settings and all SparrowDoor files from the victim machine.



