Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to help you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Apple fixes 2 new zero-day vulnerabilities

Apple has released a patch for iOS, iPadOS and macOS. This security update fixes two recently discovered zero-day vulnerabilities:

  • CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code when processing specially crafted web content
  • CVE-2022-32894 - An out-of-bounds issue in the operating system’s kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges

Apple stated that both vulnerabilities have been fixed in the latest update, and that it is aware that the vulnerabilities “may have been actively exploited.”

If you use Apple devices and have not already done so, it is essential to check that you are running the latest operating system version and that all security patches are installed. Enabling Automatic Updates is an easy way to keep your systems up to date with the latest patches.

As of today, the latest versions that fixed the above-mentioned vulnerabilities are:

iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1

These updates are available for:

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later, and iPod touch (7th generation).


Family-run car dealership hit with ransomware

On Thursday, 28th July 2022, the UK’s largest family-run car dealership was hit with a large-scale ransomware attack. The attack resulted in data theft and damage that will not be repairable for some of their network systems. The Stoke-on-Trent-based company was hit with the ransom demand after hackers stole two years’ worth of data, including staff information.

Staffordshire Police, the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have been called to investigate what happened.

Although most systems are back up and running, and the core dealer management system that hosts customer data was unaffected, the firm admitted some infrastructure had been damaged.

A statement from the dealership stated: “We have now managed to resolve the majority of the access issues that employees have been experiencing, although some of our core systems have been damaged beyond repair or have been permanently deleted.”

It is essential to ensure well-structured backups are in place so that all systems can be restored in case of ransomware. Many ransomware attacks can be prevented by ensuring staff are trained to identify phishing attempts. Email security tools such as Mimecast can sandbox links to check that they are safe.

Chrome zero-day vulnerability exploited

This Tuesday saw a new release for Chrome to patch 11 total vulnerabilities, including a new zero-day. This new vulnerability, tracked as CVE-2022-2856, has been seen being actively exploited in the wild. In short, the vulnerability is a case of insufficient validation of untrusted input in Intents.

The latest version of Chrome addresses this vulnerability and the other ten that have been discovered. Users are advised to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes when they become available.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.