Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
On February 16, Fortinet announced a security issue with a severity score of 9.8. The vulnerability could enable an unauthenticated attacker to write arbitrary files and achieve remote code execution with the highest privileges. To prevent exploitation, organizations should apply available security updates if they are using FortiNAC 9.4.0, or versions 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, and all versions on the 8.8, 8.7, 8.6, 8.5, and 8.3 branches.
Last month, Apple released security advisories which have now been updated to include three newly discovered vulnerabilities that affect iOS, iPadOS, and macOS. One of the flaws, identified as CVE-2023-23520, is a race condition found in the Crash Reporter component that could allow a bad actor to read arbitrary files with root access. Apple has addressed the issue by implementing additional validation. The other two vulnerabilities, CVE-2023-23530 and CVE-2023-23531, are located in the Foundation framework and could be exploited for code execution. These medium to high-severity vulnerabilities have been fixed in iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, which were released on January 23, 2023.
GoDaddy, the web hosting and domain name company, disclosed a recent attack on its infrastructure and revealed that it is part of a connected series of incidents that date back to 2020.
In an unusual move, the company has included details of the attacks in its Form 10-K, which is the formal annual report required by listed entities in the US. The report outlines an attack in March 2020 that compromised the hosting login credentials of roughly 28,000 hosting customers and a small number of employees, as well as a November 2021 breach of its hosted WordPress service.
According to the filing, the most recent attack occurred in December 2022 when an unauthorised third party gained access to GoDaddy's cPanel hosting servers and installed malware, which intermittently redirected random customer websites to malicious sites. Although the root cause of the incident is unknown, GoDaddy suspects that it could be part of a multi-year campaign by a sophisticated threat actor group, which included installing malware on the company's systems and acquiring pieces of code related to some of GoDaddy's services.
IR Team comment: “It could've been as a result of an Initial Access Broker (IAB). Initial Access Brokers are threat actors that specialise in the first stage of a breach, i.e. gaining access to the organisation's internal network. They then advertise this to other threat actors (more commonly ransomware operators) who then bid/purchase the access off the IAB. To speculate, it could be that the IAB (if there was one) took 3 years to sell the access to another threat actor. The purchase price would depend on the perceived value of the target. GoDaddy being a web hosting/domain registrar company would mean it is highly targeted by attackers,” - Integrity 360’s Cyber Threat Response Manager Patrick Wragg.
During a live broadcast of President Vladimir Putin's address to Russia's elite on Tuesday, at least two Russian media websites went down. The website of the state-owned broadcaster VGTRK attributed the outage to "technical works," while the live-streaming platform Smotrim failed to load.
In a nearly two-hour speech, Putin pledged to continue Russia's ongoing war in Ukraine and accused the West of waging an economic war against Russia. The Ukrainian hacktivist group IT Army claimed responsibility for the incident, announcing on Telegram that it launched a Distributed Denial-of-Service (DDoS) attack on channels broadcasting Putin's address, with Russian state-controlled television channel 1TV also among its targets.
The IT Army, a collective of Ukrainian tech specialists, was established during the early days of the war and has conducted more than 15,000 DDoS attacks on Russian websites, including government services, banks, and private firms, over the past year.
Ireland’s National Cyber Security Centre launched an investigation this week after Virgin Media Television announced that it experienced a cyber-attack. The broadcaster reported an "unauthorised attempt" to access its systems in recent days, which has impacted the broadcasting of recorded programming on Virgin Media 3, 4, More, and VMTV Player. The company reassured its customers that it has strict cyber protection measures in place and has activated precautions in response to the attack.
In a statement, the broadcaster said, ‘To ensure maximum security, certain technologies have been temporarily disconnected while undergoing a review process. The broadcaster anticipates that normal service will resume after the completion of the review and verification process. It is important to note that the issue pertains only to Virgin Media Television and does not affect any other Virgin Media Ireland operations.’
Activision, the creators of Call of Duty, have confirmed that their systems were breached by hackers towards the end of last year. The threat actors successfully exfiltrated sensitive employee data and information about unreleased game content. The stolen data includes full names, email addresses, and phone numbers, as well as confidential information such as salaries and work locations.
Although the breach occurred on December 4, 2022, Activision did not announce or confirm the cyber-attack at the time, continuing the trend of large companies delaying disclosure long after a breach is discovered. The hackers gained access to the system after an employee fell for a text message (SMS) phishing scam, as is often the case with data breaches. This highlights the crucial importance of ensuring that staff are adequately trained in recognising suspicious messages, whether delivered by email or by text, to prevent similar incidents from happening in the future.
If you are worried about any of the threats outlined in this bulletin, or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.