CYBERSECURITY NEWS V. January – Patch Tuesdays, LockBit apology, Qualcomm UEFI flaws

News FYI

The LockBit ransomware gang apologizes, gives SickKids hospital free decryptor

The LockBit ransomware gang has apologized for the cyberattack on the SickKids children's hospital in Toronto, Canada. The criminals offered the hospital a free decryptor for data recovery; according to experts, however, about a third of the files may be lost forever.

On December 18, the hospital suffered a ransomware attack that affected internal and corporate systems, the hospital's phone lines, and the website. The cyber-attack on the hospital also delayed lab results, cut off telephone lines, and shut down the staff payroll system.

On December 31, the LockBit hackers apologized to the hospital, saying they blocked the "partner" responsible for the cyberattack and offered SickKids a free decryptor to unlock the data.

Qualcomm UEFI flaws threaten Microsoft, Lenovo, Samsung devices

Devices from Microsoft, Lenovo, Samsung, and others contain vulnerabilities due to leaky UEFI firmware in Qualcomm Snapdragon chips. The manufacturer has already released patches.

In total, the patches close more than twenty vulnerabilities, among them flaws in the connection and boot processes.

The vulnerabilities affect the Lenovo ThinkPad X13, Microsoft Surface, Windows Dev Kit 2023 (Project Volterra), and a number of Samsung devices.

In its advisory, Lenovo writes that two of the problems, a buffer overflow and an out-of-bounds read, are in a DXE driver. Both can be exploited by a local attacker, and because exploitation can lead to arbitrary code execution, they have been assigned a high severity rating.
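The two bug classes Lenovo names, an out-of-bounds read and a buffer overflow, almost always come from a driver trusting a length field that arrives in untrusted data. The following C program is an added illustration, not Lenovo's, Qualcomm's or any real DXE driver's code: it walks a hypothetical type-length-value record format (constructed for this example) once the unsafe way and once with the two checks that close both bug classes, and runs them on constructed inputs.

```c
/* Added illustration of the DXE bug classes named above (out-of-bounds
 * read and buffer overflow). The record format, the sample buffers and
 * both walkers are constructed for this example; nothing here is taken
 * from a real firmware driver. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DEST_SIZE 16u

/* Constructed record layout: 1-byte type, 1-byte length, `length` payload
 * bytes, repeated until the buffer ends. */

/* Unsafe walker: the shape of the bug class. It trusts `len` from the
 * input, so a record that claims more payload than the buffer holds causes
 * an out-of-bounds read, and a payload longer than `dest` overflows it.
 * Kept for contrast only; it is run here on well-formed input alone. */
int find_record_unchecked(const uint8_t *buf, size_t buf_len,
                          uint8_t want_type, uint8_t *dest)
{
    size_t off = 0;
    while (off + 2 <= buf_len) {
        uint8_t type = buf[off];
        uint8_t len  = buf[off + 1];
        if (type == want_type) {
            memcpy(dest, buf + off + 2, len);   /* no bounds checks at all */
            return (int)len;
        }
        off += 2u + len;
    }
    return -1;
}

/* Hardened walker: every length is validated against the remaining input
 * (prevents the out-of-bounds read) and against the destination size
 * (prevents the overflow). Returns the payload length, or -1 if the input
 * is malformed or the record is absent. */
int find_record_checked(const uint8_t *buf, size_t buf_len,
                        uint8_t want_type, uint8_t *dest, size_t dest_len)
{
    size_t off = 0;
    while (off + 2 <= buf_len) {                 /* header must fit */
        uint8_t type = buf[off];
        uint8_t len  = buf[off + 1];
        if (len > buf_len - (off + 2))           /* payload must fit in input */
            return -1;
        if (type == want_type) {
            if (len > dest_len)                  /* payload must fit in output */
                return -1;
            memcpy(dest, buf + off + 2, len);
            return (int)len;
        }
        off += 2u + len;
    }
    return -1;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_GOOD[] = { 0x01, 0x03, 'a', 'b', 'c',
                                       0x02, 0x02, 'x', 'y' };
/* Claims 255 payload bytes, but only one byte follows the header. */
static const uint8_t SAMPLE_SHORT[] = { 0x02, 0xFF, 'x' };
/* Well-formed, but the 20-byte payload exceeds DEST_SIZE (16). */
static const uint8_t SAMPLE_OVERSIZED[] = { 0x02, 0x14,
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };

int demo_good(void)
{
    uint8_t dest[DEST_SIZE];
    int n = find_record_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 0x02, dest, sizeof dest);
    return (n == 2 && dest[0] == 'x' && dest[1] == 'y') ? n : -2;
}

int demo_short(void)
{
    uint8_t dest[DEST_SIZE];
    return find_record_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT, 0x02, dest, sizeof dest);
}

int demo_oversized(void)
{
    uint8_t dest[DEST_SIZE];
    return find_record_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, 0x02, dest, sizeof dest);
}

int main(void)
{
    uint8_t dest[DEST_SIZE];
    /* The unchecked walker only ever sees the well-formed sample here. */
    printf("unchecked, good input: %d\n", find_record_unchecked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 0x02, dest));
    printf("checked, good input:   %d\n", demo_good());
    printf("checked, short input:  %d\n", demo_short());
    printf("checked, oversized:    %d\n", demo_oversized());
    return 0;
}
```

The two extra comparisons are the whole fix: the first rejects a record whose declared length runs past the end of the input, the second rejects a payload larger than the caller's buffer. In firmware the same pattern applies to anything a local user can influence, such as UEFI variables or capsule contents, which is why a local attacker is the threat model in the advisory.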

Microsoft January 2023 Patch Tuesday

Microsoft has released fixes for 98 vulnerabilities in its products, including one zero-day. Eleven of the fixed vulnerabilities are rated "critical".

The first zero-day of the year is CVE-2023-21674 (CVSS score 8.8). It is known to have been exploited in real attacks to elevate privileges to SYSTEM and to escape the browser sandbox.

Unfortunately, as is its habit, Microsoft has not provided any details about how the vulnerability was exploited or about the attacks themselves.

Microsoft also paid special attention to the CVE-2023-21549 issue related to privilege escalation in the Windows SMB Witness Service. The company warned that the technical details of this vulnerability were disclosed publicly even before the release of the patch.

To exploit this vulnerability, an attacker could run a malicious script that makes an RPC call to the RPC host, which can result in privilege escalation on the server.

Android’s First Security Updates for 2023

Google has released a security update that fixes 60 vulnerabilities in the Android operating system. The first part of the update, which arrives on devices as security patch level 2023-01-01, resolves 19 security bugs in the Framework and System components.

Eleven elevation-of-privilege bugs were resolved in the Framework component this month, along with three denial-of-service (DoS) issues. Five other elevation-of-privilege vulnerabilities were addressed in the System component.

Data leakage of 235 million Twitter users

The email addresses associated with 235 million Twitter accounts have been published on a hacker forum. The database does not contain the phone numbers associated with the accounts. This is one of the biggest leaks in history. Experts believe the data was collected at the end of 2021 using an exploit for a flaw that Twitter discovered and fixed in January 2022.

At the end of December, a hacker under the pseudonym Ryushi, who claims to have hacked Twitter, demanded a ransom from the owner and head of the social network, Elon Musk, for the personal data of users. The cybercriminal claimed to have gained access to the data of 400 million accounts.

AMD has discovered 31 new vulnerabilities in its Ryzen and EPYC processors

AMD has updated its processor vulnerability information, adding 31 vulnerabilities to the list; among other things, they affect consumer Ryzen processors and server EPYC processors. AMD also published a list of AGESA firmware library versions that include fixes for the identified vulnerabilities.

Three vulnerabilities affect desktop and mobile versions of consumer Ryzen processors. They can be exploited by compromising the BIOS or by attacking the AMD Secure Processor (ASP) bootloader. The affected parts include desktop AMD Ryzen 2000 processors, the Ryzen 2000G and 5000G hybrid chips with integrated graphics (Raven Ridge and Cezanne), AMD Threadripper 2000 and 3000 processors, and numerous Ryzen 2000, 3000, 5000, 6000, and Athlon 3000 mobile processors.

The remaining 28 vulnerabilities, four of which are rated high severity, affect EPYC server processors. They can be exploited to carry out various attacks, including remote code execution and data theft.
