Following the addition of two known flaws to the known exploited vulnerability catalog by CISA, Apple has released a security update to address the security flaws, including two with active exploitation in the wild. The two vulnerabilities are dubbed CVE-2024-23225 and CVE-2024-23296. The former is an issue with memory corruption in the kernel, which is exploitable by skilled attackers with arbitrary kernel read and write capability. The latter is a memory corruption issue in the RTOS (RTKit real-time operating system), which is also exploitable by skilled attackers with arbitrary kernel read and write capability. Security patches are now available for iOS 16.7.6, iOS 17.4, iPadOS 16.7.6, and iPadOs 17.4.
15 Countries are on high alert as GhostSec and Stormous launch a joint ransomware attack.
Cuba, Argentina, Poland, China, Lebanon, Uzbekistan, Morocco, Israel, India, Brazil, South Africa, Turkiye, Vietnam, Qatar, Indonesia, and Thailand are under attack by GhostSec and Stormous. The attack focuses mostly on technology, manufacturing, education, government, transportation, energy, medicolegal, real estate, and telecom companies. One of the statements by cybersecurity researchers affirms that GhostLocker and Stormous ransomware have launched a ransomware-as-a-service (RaaS) program, STMX_GhostLocker, which provides affiliates with a variety of options.
Predatory spyware firm faces clampdown by United States officials for involvement in targeting Journalists and officials.
According to OFAC in a statement, “The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal.” The agency’s operation resulted in the sanction of seven persons, including two individuals and five entities associated with the Intellexa Alliance, for involvement in developing, operating, and distributing commercial spyware programmed to monitor journalists, government officials, and country’s policy experts.
VMware patched four security flaws impacting ESXi, Workstation, and Fusion.
A statement by VMware detailed the possible consequences that can result from a threat actor exploiting the now patched flaws in the following versions: ESXi 6.5 – 6.5U3v, ESXi 6.7 – 6.7U3u, ESXi 7.0 – ESXi70U3p-23307199, ESXi 8.0 – ESXi80U2sb-23305545 and ESXi80U1d-23299997, VMware Cloud Foundation (VCF) 3.x, Workstation 17.x—17.5.1, and Fusion 13.x (macOS)—13.5.1.
“A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.” The flaws are tagged CVE-2024-22252 (CVSS score: 9.3), CVE-2024-22253 (CVSS score: 8.4), CVE-2024-22254 (CVSS score: 7.9), and CVE-2024-22255 (CVSS score: 7.1). The first two are severe and described as use-after-free bugs in the XHCI USB controller.
Mediplast AB is now one of the 8base ransomware group victims. The Swedish company specializes in selling and distributing medical devices, primarily in the Nordic region. It offers products for Surgery, Thoracic, Radiology, Wound Care, Anesthesia / Intensive Care (AN/IVA), Home Health care, Osteomy, and Ear, Nose, and Throat (ENT). Mediplast has over 200 employees and $25 million in revenue.
Biomedical Research Institute suffered a ransomware attack by the Meow ransomware group. The biorepository and biobanking solutions for clinical studies specialize in biorepository services, NH Schistosomiasis, resource center, bladder immunology group, and cold storage. BRI has over 50 employees and $5.1 million in revenue.
Infosoft joins the list of victims of the Akira ransomware group. Infosoft is an HR service company focused on recruiting talent and building teams throughout the US market. The company has over 500 employees and revenue of $35.3 million.
