07/29/2023
Happy Friday Everyone! Another week in the books and a little bit of everything to bring us into the weekend! Starting off, we have a couple of security updates from Apple and AMD, followed by an exploration of tactics and techniques being developed and leveraged in the wild by researchers and threat actors alike, including the latest implementation of ChatGPT for the bad guys. We'll close out with a glimmer of hope regarding public disclosure of breaches that could potentially harm a consumer base. That's not how it's worded, nor the intent, but that's the implication for the security-centric among us. Let's Begin!
Small Updates
Apple: The tech giant has released yet another security update to address a zero-day vulnerability exploited in the wild, which marks the 11th to be actively exploited this year. This is a huge surge in activity targeting Apple's walled gardens and delivers a proper metric to reports made all throughout the year that advanced threat actors are putting greater and greater effort into developing methods for accessing Mac systems. This latest update, released Monday, patches CVE-2023-38606, which was part of the zero-click exploit chain used to deploy Triangulation spyware on iPhones via iMessage vulnerabilities first discovered by security experts at Kaspersky and later publicly disclosed by representatives of the Russian government, who broadcast to the world during Apple's WWDC that the tech giant was working with the CIA to spy on Russian diplomats, despite lacking definitive evidence and ignoring the reality that America's spies can develop their own malware just fine. Just ask the Iranians. While you may not be a Russian "diplomat", knowledge of how to exploit these vulnerabilities has been released, enabling lower-tier hackers to utilize the loopholes in their own shoddy kill chains against lower-profile targets like you and me, so be sure to keep your devices as up-to-date as possible!
About the security content of macOS Ventura 13.5 (support.apple.com): This document describes the security content of macOS Ventura 13.5.
AMD: If your computer is using an AMD processor, you will want to look up the latest security patch for a vulnerability discovered by a persistent researcher out of Google, Tavis Ormandy. This new vulnerability, tracked as CVE-2023-20593, impacts AMD Zen 2 CPUs and could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. According to Ormandy, while this won't be earning any speed records, "This is fast enough to monitor encryption keys and passwords as users login!" The flaw impacts all AMD CPUs built on the Zen 2 architecture, including the Ryzen 3000, Ryzen 4000U/H, Ryzen 5000U, Ryzen 7020, the ThreadRipper 3000 and Epyc "Rome" server processors, but one thing to keep in mind is that this is only the start of a project within Google to discover vulnerabilities in CPUs, so this may only be the first of many to come out of Ormandy's lab. In the meantime, if your machine(s) run on one of these CPUs, it is recommended that you apply AMD's new microcode update or wait for your computer vendor to incorporate the fix in a future BIOS upgrade.
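The first thing a practitioner wants after reading the above is a quick inventory check: is this box actually a Zen 2 part, and what microcode revision is it currently running? The script below is an added example written for this post, not code from Ormandy or AMD. It parses the text format of /proc/cpuinfo (a constructed sample is embedded so it runs anywhere) and flags cores whose vendor is AuthenticAMD, family 23 (0x17), with a model number in the Zen 2 ranges. Those model ranges are reproduced from the public Linux kernel Zenbleed mitigation as I remember it and are an assumption to verify against AMD's advisory for CVE-2023-20593; the fixed microcode revision is not stated on this page, so the script only reports what it sees for you to compare against your vendor's value.

```python
import re

# Zen 2 is AMD family 0x17 (23). The model ranges below are an assumption,
# reproduced from memory of the Linux kernel's Zenbleed mitigation; verify
# them against AMD's CVE-2023-20593 advisory before relying on this check.
ZEN2_FAMILY = 0x17
ZEN2_MODEL_RANGES = ((0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF))

# Constructed sample in /proc/cpuinfo format: a two-core slice of a Ryzen 3000
# (family 23, model 113 = 0x71). The microcode value is made up for the sample.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 5 3600 6-Core Processor
microcode\t: 0x8701021

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 5 3600 6-Core Processor
microcode\t: 0x8701021
"""


def parse_cpuinfo(text):
    """Return one dict of fields per 'processor' block in /proc/cpuinfo text."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus


def is_zen2(fields):
    """True if this core is an AMD family-23 part in one of the Zen 2 model ranges."""
    if fields.get("vendor_id") != "AuthenticAMD":
        return False
    try:
        family = int(fields["cpu family"])  # /proc/cpuinfo prints these in decimal
        model = int(fields["model"])
    except (KeyError, ValueError):
        return False
    return family == ZEN2_FAMILY and any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)


def assess(text):
    """Summarise exposure: total cores, Zen 2 cores, and microcode revisions seen on them."""
    cpus = parse_cpuinfo(text)
    affected = [c for c in cpus if is_zen2(c)]
    microcode = sorted({c.get("microcode", "unknown") for c in affected})
    return {"cores": len(cpus), "zen2_cores": len(affected), "microcode": microcode}


if __name__ == "__main__":
    # On a real Linux host, replace the sample with open("/proc/cpuinfo").read().
    report = assess(SAMPLE_CPUINFO)
    if report["zen2_cores"]:
        print(f"Zen 2 detected on {report['zen2_cores']}/{report['cores']} cores; "
              f"microcode revision(s) {', '.join(report['microcode'])}. "
              "Compare against the revision your vendor ships for CVE-2023-20593.")
    else:
        print("No Zen 2 cores found; this CPU is outside the scope of CVE-2023-20593.")
```

Run it as-is to see the constructed sample evaluated, or swap in the real /proc/cpuinfo on a fleet of Linux hosts; a non-empty zen2_cores count with a microcode revision older than the one your vendor publishes is the signal to schedule the microcode or BIOS update the paragraph recommends.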
Know Your Enemy
Ubuntu: Linux is not exactly known for vulnerabilities, due to its audit-friendly simplicity and self-selecting, technically inclined user base. However, two Linux vulnerabilities discovered recently in the kernel of Ubuntu, the most popular of all Linux distros, create the potential for unprivileged local users to gain elevated privileges on roughly 40% of Ubuntu's user base! Tracked as CVE-2023-32629 and CVE-2023-2640, these two flaws seem to be the result of conflict between custom changes Ubuntu made in 2018 to the OverlayFS module, a union mount filesystem implementation, and changes made by the Linux kernel project in 2019 and 2022. Put in simpler terms, the most widely used Linux distro has not one but two serious flaws in a critical piece often targeted by threat actors, due to its being plagued by easily exploitable bugs and allowing unprivileged access via user namespaces. What makes this a perfect storm is that PoCs for the two flaws have been publicly available for a long time. It should be noted that the two highlighted flaws only impact Ubuntu; any other Linux distribution, including Ubuntu forks, not using custom modifications of the OverlayFS module should be safe. Ubuntu has released a security bulletin about the issues and six more vulnerabilities addressed in the latest version of the Ubuntu Linux kernel and has made fixing updates available. Users are advised to update their OS at the earliest convenience!
FraudGPT: The age of easily discernible phishing emails fraught with grammatical errors and predictable predatory patterns may be coming to a close. Following in the footsteps of WormGPT, also known as ChatGPT for hackers, built on the open source GPT-J language model and covered here last week, threat actors are advertising yet another cybercrime generative artificial intelligence tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. The potential developer, CanadianKingpin, boldly announces "If you're looking for a Chat GPT alternative designed to provide a wide range of exclusive tools, features, and capabilities tailored to anyone's individuals with no boundaries then look no further!" on his Telegram page, and for the low price of $200 a month, $1,000 for six months, or $1,700 for a year, a novice hacker can use FraudGPT to write malicious code, create undetectable malware, and find leaks and vulnerabilities, all without having to craft clever prompts to get past controls designed to prevent nefarious requests from being answered. With more than 3,000 confirmed sales and other variants likely on the horizon, it has become vital, now more than ever, to drill phishing email recognition into the hearts and minds of every team member in an organization, not just the security-focused among us. Phishing emails are responsible for the gross majority of breaches, and that's without a super helpful chatbot to type out convincing messages. The emphasis will then be on strange domains and strange requests, but not everyone has the correct instincts drilled. Be mindful, work with your teams, and report strange messages making it through the spam filter. We've some interesting times ahead.
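If polished grammar stops being a tell, the two signals the paragraph leaves us with are strange domains and strange requests, and both can be checked mechanically before a human ever reads the message. The script below is an added example written for this post, not part of the original or of any vendor's product. It takes a constructed allow-list of trusted domains and a handful of constructed message headers, classifies each sender domain as trusted, lookalike (after folding common character substitutions such as "rn" for "m" or "1" for "l" and comparing with a similarity ratio), unknown, or suspicious (a Reply-To that points somewhere the From does not), and separately flags request phrases associated with payment-diversion and credential lures. The trusted domains, homoglyph table, phrase list and the 0.85 similarity threshold are all assumptions chosen for illustration; the "registrable domain" helper simply keeps the last two labels and does not consult the public suffix list.

```python
import re
from difflib import SequenceMatcher

# Constructed allow-list: the organisation's own mail domains (assumption).
TRUSTED_DOMAINS = {"example.com", "payroll-example.com"}

# Constructed substitution table for common lookalike tricks (assumption).
HOMOGLYPH_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Constructed phrases that mark a "strange request" (assumption; tune to your org).
REQUEST_PHRASES = ("gift card", "wire transfer", "change bank details", "urgent",
                   "verify your password", "do not call", "keep this confidential")

# Similarity threshold for calling a domain a lookalike (assumption).
LOOKALIKE_RATIO = 0.85


def sender_domain(header_value):
    """Pull the domain out of a From/Reply-To header value, or None if absent."""
    match = re.search(r"@([A-Za-z0-9.-]+)", header_value or "")
    return match.group(1).lower() if match else None


def registrable(domain):
    """Naive registrable domain: last two labels (no public suffix list, assumption)."""
    labels = domain.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def normalize(domain):
    """Fold common homoglyph substitutions so 'exarnple' and 'examp1e' read as 'example'."""
    folded = domain.lower()
    for fake, real in HOMOGLYPH_PAIRS:
        folded = folded.replace(fake, real)
    return folded


def classify_sender(header_from, header_reply_to=None):
    """Return (verdict, reason) for the sender: trusted, suspicious, lookalike or unknown."""
    domain = sender_domain(header_from)
    if domain is None:
        return ("suspicious", "no domain in From header")
    reg = registrable(domain)
    if reg in TRUSTED_DOMAINS:
        reply_domain = sender_domain(header_reply_to)
        if reply_domain and registrable(reply_domain) not in TRUSTED_DOMAINS:
            return ("suspicious", f"Reply-To {reply_domain} is outside trusted domains")
        return ("trusted", reg)
    for trusted in TRUSTED_DOMAINS:
        folded, target = normalize(reg), normalize(trusted)
        if folded == target or SequenceMatcher(None, folded, target).ratio() >= LOOKALIKE_RATIO:
            return ("lookalike", f"{reg} resembles {trusted}")
    return ("unknown", reg)


def request_flags(body):
    """List the constructed 'strange request' phrases present in the message body."""
    text = body.lower()
    return [phrase for phrase in REQUEST_PHRASES if phrase in text]


def triage(header_from, body, header_reply_to=None):
    """Combine both signals into one record a reviewer or SIEM rule can act on."""
    verdict, reason = classify_sender(header_from, header_reply_to)
    flags = request_flags(body)
    escalate = verdict in ("lookalike", "suspicious") or (verdict == "unknown" and bool(flags))
    return {"verdict": verdict, "reason": reason, "flags": flags, "escalate": escalate}


if __name__ == "__main__":
    # Constructed messages; the fluent wording is the point: grammar alone would not catch them.
    samples = [
        ("Accounts Payable <ap@exarnple.com>", "Please process the attached wire transfer today."),
        ("HR <hr@examp1e.com>", "Verify your password to keep access to the benefits portal."),
        ("CEO <ceo@example.com>", "Pick up some gift cards for the team, keep this confidential.",
         "ceo@evil-mail.net"),
        ("IT Support <it@mail.example.com>", "Reminder: the all-hands is at 3pm."),
    ]
    for sample in samples:
        print(sample[0], "->", triage(*sample))
```

Deploy the same logic where it helps most: as a mail-flow rule that tags lookalike and Reply-To mismatches for the SOC, with the request-phrase hits shown to the recipient as a banner so that the instinct the paragraph describes is prompted at the moment it matters.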
You Have To The Count of Four
Gone are the days when large, publicly traded companies can deliberate and delay disclosure of a breach of their network for months at a time to decide how to word the press release! Well, maybe. The U.S. Securities and Exchange Commission (SEC) approved new rules on Wednesday that now require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, with the only caveat that disclosure may be delayed by an additional period of up to 60 days should it be determined that giving out such specifics "would pose a substantial risk to national security or public safety." All of this may sound effective at making it more difficult for companies to hide their issues, permitting consumers to respond to threats effectively, but CEO Saket Modi of Safe Security points out one critical detail: "The key word here is 'material' and being able to determine what that actually means. Most organizations are not prepared to comply with the SEC guidelines as they cannot determine materiality, which is core to shareholder protection. They lack the systems to quantify risk at broad and granular levels." One also has to note that the regulation is coming down from the SEC, which is more concerned with financial regulation than the quality of life of the average American, but there is some hope that the unintended side effect of these regulations will receive some interest as well. Currently, only California has laws regarding the speedy disclosure of network breaches to all affected parties, which is vital to individuals protecting themselves from threat actors. We will see if any regulators take up the cause.
Thank you, Cuttler!