News FYI
Apple Patches New macOS, iOS Zero-Days
Apple has released emergency fixes for two zero-day vulnerabilities in its flagship macOS and iOS platforms that attackers are already exploiting. The patches are delivered through Apple’s automatic update mechanism (macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1).
Google fixes fifth Chrome zero-day bug exploited this year
Google has announced a fix for the fifth zero-day vulnerability in the Chrome browser since the beginning of 2022. The developers described it as a high-severity issue caused by insufficient validation of untrusted input in the Intents component. The security bug is tracked as CVE-2022-2856.
Hackers attack UK water supplier but extort wrong company
The Clop ransomware group attacked one of the UK’s clean water suppliers, but then mistakenly began demanding a ransom from a different, larger English company, threatening to publish the data stolen from the first organization. Either the group has misidentified its victim, or the attackers are trying to extort money from a much larger company using false evidence.
The cyberattack came during a terrible drought in the UK, when water rationing policies were introduced in eight districts of the country.
Xiaomi Phone Bug Allowed Payment Forgery
A critical vulnerability has been discovered in smartphones from the Chinese manufacturer Xiaomi that allows attackers to penetrate devices and forge payments. The Xiaomi Redmi Note 9T and Redmi Note 11 phones are vulnerable. They run on a MediaTek chip that uses the Kinibi TEE architecture.
Critical Amazon Ring Vulnerability Could Expose Camera Recordings
A critical vulnerability has been discovered in the Amazon Ring application that could allow attackers to obtain recordings from users’ cameras. The vulnerability reportedly allows hackers to access camera recordings from Ring and extract sensitive data.
LastPass Says Source Code Stolen in Data Breach
LastPass, the developer of the password manager of the same name, has announced a cyberattack in which hackers were able to steal the program’s source code and some corporate information.
The developers say that there is currently no evidence that the attackers compromised the personal data of customers or encrypted password stores.
The LastPass password manager stores passwords in encrypted vaults, which can be decrypted only with the customer’s master password. According to LastPass representatives, these master passwords were not compromised in the cyberattack, which took place two weeks ago.
The Dominican government is a victim of a ransomware attack
Government agencies in the Dominican Republic have been disrupted by a Quantum ransomware attack. The malware encrypted several services and workstations across the country’s state institutions. The attackers initially demanded a $650,000 ransom. The hackers claimed to have stolen over 1 TB of data and threatened to release it.