Cyber Weekly Digest - Week #25
In this week’s digest we discuss the most recent REvil ransomware victim and the latest zero-day vulnerabilities patched by Apple. Keep reading to find out about the latest and biggest cyber security stories from across the globe.
This week the REvil ransomware operation listed companies whose data they are auctioning off to the highest bidder. One of the companies listed is the US nuclear weapons contractor Sol Oriens. REvil claims to have stolen data from the company in a cyber attack in May 2021 and, as proof, has published images of some of the stolen documents. The attackers are pressuring Sol Oriens into paying their ransom demands by threatening to share the information and documents with military agencies of their choice. In a statement, Sol Oriens acknowledged the May 2021 cyber attack but said it does not believe the stolen data includes classified client information or critical security-related information.
Apple has fixed two more zero-day flaws this week, bringing the number of zero-day vulnerabilities patched by Apple so far this year to nine. Both bugs are in WebKit, the engine underlying Apple’s Safari browser and iOS that is responsible for rendering web pages. One of the patched vulnerabilities addresses a “memory corruption issue” and improves WebKit state management. The second flaw was identified as a use-after-free flaw, a type of memory corruption vulnerability that allows an attacker to execute code on targeted devices. According to Apple, the flaws affect sixth-generation iPhone, iPad and iPod touch hardware released between 2013 and 2018.
It was discovered this week that a vendor had left unsecured Audi and Volkswagen data exposed on the internet between August 2019 and May 2021. It is believed that 3.3 million customers are involved in the breach, with 97% of those affected being Audi customers and interested buyers. The data exposed varies per customer but ranges from contact information to more sensitive information such as social security numbers and loan numbers. The stolen customer data has since been found for sale on a hacker forum.
This week the complete source code for the Paradise ransomware was posted on a hacking forum called XSS, meaning that anyone who obtains it could develop their own customised ransomware. The source code is only available to active users of the forum and only for a limited time. This could be an easy entry point for individuals looking to start a new ransomware operation. A security researcher who compiled the source code package found that it built three executables: a ransomware configuration builder, a decryptor, and an encryptor.
Researchers found that more than 1 billion records belonging to CVS Health customers were left exposed and unprotected online in a database run by a third-party vendor. The researchers believe this is probably another case of cloud storage misconfiguration. The exposed information includes personally identifiable information such as email addresses, medications and even COVID-19 vaccine details.