Advisory

BACKGROUND

Akira is a ransomware group which was first observed in March 2023. Akira ransomware actors typically gain access to victims’ devices by using compromised credentials. Its operators use multi-extortion tactics, steal victims’ critical data and encrypts devices and files before demanding outrageous ransom payments. Victims who fail to comply with their demands will be listed on their TOR-based website along with the stolen data.

BACKGROUND

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability (CVE-2023-20269) in the VPN feature of Cisco’s Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software, to gain access to corporate networks.

BACKGROUND

Apple has released security updates for iOS, macOS, iPadOS and watchOS to fix two zero-day vulnerabilities which have been exploited in the wild to compromise Apple products without any interaction from the victim. The exploit allows attackers to target victims with NSO Group’s Pegasus Spyware, without any interaction from the targeted user.

The two known vulnerabilities are tracked as CVE-2023-41064 and CVE-2023-41061. 

IMPACT

BACKGROUND

Apple users are strongly advised to install an urgent Rapid Security Response (RSR) update to address 
a vulnerability that impacts fully patched iPhones, Macs, and iPads. The RSR patches includes updates 
for the latest versions of macOS, iOS, iPadOS, and Safari.

IMPACT

BACKGROUND

Fortinet has issued a warning on a vulnerability affecting several versions of Fortinet FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. The security flaw is tracked as CVE-2022-42475 which is rated Critical and assigned a CVSS score of 9.3
out of 10. The attacks are said to be complex and highly targeted at “governmental or government-related targets.”

BACKGROUND
 
Dridex, also known as Bugat and Cridex, is a banking malware that steals sensitive data from infected machines, and also deliver and execute malicious modules. Previously targeting Windows computers, it is now targeting Macs to spread by using email attachments that look like regular documents.
 
MODUS OPERANDI
 

An increasing number of local WhatsApp users have reported their accounts being hacked recently. The user would receive an SMS containing a 6-digit verification code, then someone on WhatsApp will ask for the code. Once the code is shared, the scammer will be able to login to your WhatsApp account, and you will be logged out.