The Apple M-series faces an exploitable vulnerability that could reveal keys used during cryptographic operations. According to reports, the vulnerability tagged GoFetch is associated with a microarchitectural side-channel attack leveraging data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data from the CPU cache. Further information about DMP by a team comprising of the University of Illinois Urbana-Champaign, University of Texas, Georgia Institute of Technology, University of California, Berkeley, University of Washington, and Carnegie Mellon University revealed that “DMP activates (and attempts to dereference) data loaded from memory that ‘looks like’ a pointer. This explicitly violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns.”
MuddyWater has Deployed Atera Surveillance in Phishing Attacks.
An intelligence report from Proofpoint has linked MuddyWater, an Iran-affiliated threat actor also known as Mango Sandstorm or TA450, to a new phishing campaign targeting Israeli entities in sectors including manufacturing, technology, and information security to deliver Atera, which is a Remote Monitoring and Management (RMM) solution. A report by the company about the situation states
“TA450 sent emails with PDF attachments that contained malicious links. While this method is not foreign to TA450, the threat actor has more recently relied on including malicious links directly in email message bodies instead of adding this extra step.” Reports revealed the latest attack trend involves MuddyWater embedding links to files hosted on file-sharing sites such as Egnyte, Onehub, Sync, and TeraBox.
Kootenai Health becomes a victim of the Thream ransomware group. The healthcare facility provides comprehensive medical services to patients in northern Idaho and throughout the Inland Northwest. Kootenai has over 5000 employees and a revenue of $311.8 million.
A Maharashtra IT company specializing in software development 90, HTML/CSS 95, software testing 90, and WordPress 95 is now a victim of the Akira ransomware group. Vita IT has over 200 employees and a revenue of $14 million.
A Supply Chain Attack has Resulted in Hackers Taking Over GitHub Accounts.
According to the intelligence report, a yet-to-be-identified threat actor has orchestrated a sophisticated attack that has affected several individual developers, including a GitHub organization account associated with Top.gg and a Discord bot discovery website. Further details about the attack revealed the threat actors stole sensitive information, which includes confidential data, passwords, credentials, etc. A report by Checkmarx about the attack reads, “The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious packages to the PyPI registry.”
