Cyber Weekly Digest - Week #39

In this week’s Digest, we will dive into yet another Apple zero-day flaw, ransomware attacks on two US farming cooperatives as well as how the UK’s Ministry of Defence accidentally exposed the data of Afghan interpreters who had worked for the British Forces. Keep reading to stay up to date on the latest cyber security stories from across the world.

1.Two US farming cooperatives suffer ransomware attacks.

This week both Crystal Valley and New Cooperative suffered ransomware attacks which severely disrupted their daily business operations. BlackMatter ransomware is believed to be behind the New Cooperative attack and is demanding a £5.9 million ransom, which will rise to $11.8 million if a ransom is not paid in five days. Later in the week, it was confirmed that a ransomware attack had also hit Crystal Valley. It is not yet known which ransomware operation is behind the attack. According to a New Cooperative spokesperson, the attack could significantly affect their supply to the public, and the impact “will likely be much worse than the pipeline attack”.

2. A newly discovered macOS zero-day bug lets attackers run commands remotely.

Earlier in the week, security researchers disclosed a new vulnerability in Apple’s macOS Finder, making it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big Sur. The flaw is a result of how macOS processes inetloc files, which inadvertently causes it to run any commands embedded by an attacker without any warnings or prompts. Although Apple had patched this flaw, the patch only partially addressed the flaw as it can still be exploited by changing the protocol used to execute the embedded commands. This flaw joins the growing list of Apple zero-day vulnerabilities this year.

3. Afghan interpreters’ data was accidentally exposed in MoD breach.

The UK’s Ministry of Defense has apologised after sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces. The impacted interpreters are seeking to be relocated to the UK either from Afghanistan, where many are currently in hiding or another country they have been relocated to. One of the email recipients commented that the mistake could have put lives at risk for individuals in Afghanistan. The MoD has reportedly suspended an official