Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Kevin Mitnick, the world-famous hacker turned security consultant, has sadly passed away at the age of 59.
Mitnick became infamous in the mid-90s, when he was named the world's "most wanted" hacker for a two-year spree of computer fraud, and the theft of thousands of files and credit card numbers. After serving a five-year sentence, the reformed cybercriminal became a security advisor, and led a fruitful career in cybersecurity consultancy.
Mitnick unfortunately lost his battle with pancreatic cancer last Sunday but will always be remembered for his fiction-like journey in the world of cybersecurity.
Well-known commercial spyware vendors Intellexa and Cytrox have been added to the US government’s Entity List due to a “possible threat to national security”. The vendors on this list are subject to export restrictions, as part of the “ongoing crackdown against commercial surveillance technology”.
Intellexa recently came into the spotlight when it was found to be the creator of the Predator Android spyware. It is also believed that Cytrox is part of Intellexa and was responsible for the packaging and sale of zero-day exploits.
These discoveries were made largely by The Citizen Lab and Talos Intelligence, who worked together to research Intellexa’s recent activity. Talos Intelligence’s report of the PREDATOR spyware, and Intellexa’s involvement, can be found here.
A WhatsApp outage on the 19th of July caused major disruption globally to both organisations and individuals, due to the heavy dependency of its users on the platform. DownDetector, an online platform for tracking service disruptions, saw an influx of users reporting that they were unable to communicate using WhatsApp. The cause of the outage is not yet known, as neither WhatsApp nor Meta has commented on it, although they have said they are aware of the outage and are providing relief to concerned users. "We're working quickly to resolve connectivity issues with WhatsApp and will update you here as soon as possible," Meta said in a statement.
Security researchers have seen an increase in dark web forums and marketplaces selling OpenAI credentials. In the past 6 months, ChatGPT was mentioned more than 27,000 times on the dark web and Telegram. Threat actors are stealing credentials using information-stealer malware and selling them on dark web marketplaces. A report from June by Group-IB stated that illicit marketplaces on the dark web sold logs containing more than 100,000 ChatGPT accounts.
Estee Lauder, the second largest cosmetics company in the world, was the latest victim of a cyber-attack involving the critical MOVEit zero-day vulnerability. The company released a statement about a “cybersecurity incident” involving an “unauthorized third party that has gained access to some of the Company’s systems.” Estee Lauder reported that it took systems offline and consulted cybersecurity experts after being made aware of the breach. “Based on the current status of the investigation, the Company believes the unauthorized party obtained some data from its systems, and the Company is working to understand the nature and scope of that data. The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” Estee Lauder stated. The ransomware group Clop is responsible for the MOVEit zero-day attacks on many organisations, with experts predicting over 230 affected, and is reported to have stolen 131GB of data as well as archived data from Estee Lauder.
Adobe’s latest batch of security updates includes a vital fix for an actively exploited critical vulnerability in ColdFusion. This flaw has been labelled an “instance of improper access control that could result in a security bypass”, and is known to affect the following versions:
- ColdFusion 2023 (Update 2 and earlier)
- ColdFusion 2021 (Update 8 and earlier)
- ColdFusion 2018 (Update 18 and earlier)
Adobe confirmed in their latest statement that the flaw “has been actively exploited in the wild in limited attacks targeting Adobe ColdFusion.”
Users of Adobe ColdFusion are strongly recommended to update to the latest version as soon as possible. More details on this CVE, and the other flaws addressed in this batch, can be found here.
Microsoft’s Patch Tuesday for July is a big one compared to recent months, with a total of 130 vulnerabilities patched. Of these, 9 are rated critical and 121 important; 2 were publicly disclosed and 6 have been exploited in the wild.
For an overview of this month’s batch of Microsoft updates, visit our latest blog post here.
And that’s it for this week’s round-up; please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #243 – 21st July 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.