Weekly Security News – 25th December 2023

Welcome to this week’s Security News and a very Merry Christmas to all of our readers!

If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

Google has released security updates for the Chrome web browser to address a high-severity zero-day vulnerability (CVE-2023-7024) that has been actively exploited in the wild. The flaw is identified as a heap-based buffer overflow in the WebRTC framework, capable of causing program crashes or enabling arbitrary code execution. The discovery and reporting of this vulnerability are credited to Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group, who identified and reported the issue on December 19, 2023. Users are urged to update their Chrome browsers to protect against potential security risks associated with this exploit.

Fake VPN Chrome extensions force-installed 1.5 million times

Three malicious Chrome extensions, disguised as VPNs (Virtual Private Networks), have been identified as browser hijackers, cashback hack tools, and data stealers. Together these extensions were installed 1.5 million times. Discovered by ReasonLabs, the malicious extensions were distributed through an installer hidden in pirated copies of popular video games such as Grand Theft Auto, Assassin’s Creed, and The Sims 4, available on torrent sites.

Cyber Attacks

Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft has reported that the APT33 Iranian cyber-espionage group is utilising a newly discovered backdoor malware called FalseFont to target defence contractors globally. The Iranian nation-state actor, which Microsoft tracks as Peach Sandstorm, has been observed attempting to deliver FalseFont to individuals working for organisations in the Defense Industrial Base (DIB) sector. The DIB sector, targeted in these attacks, encompasses over 100,000 defence companies and subcontractors engaged in researching and developing military weapons systems, subsystems, and components. Microsoft’s findings indicate an ongoing and targeted cyber-espionage campaign, emphasising the importance of cybersecurity measures within the defence industry to safeguard sensitive information and intellectual property.

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor UAC-0099 has been identified in ongoing attacks targeting Ukraine, particularly focusing on Ukrainian employees working for companies outside of the country. These attacks exploit a high-severity vulnerability in WinRAR software to deliver a malware strain named LONEPAGE. Cybersecurity firm Deep Instinct revealed that the threat actor’s activities involve using phishing messages with HTA, RAR, and LNK file attachments. These attachments lead to the deployment of LONEPAGE, a Visual Basic Script (VBS) malware. LONEPAGE is capable of connecting to a command-and-control (C2) server to retrieve additional malicious payloads, including keyloggers, stealers, and screenshot malware. UAC-0099 was first documented by the Computer Emergency Response Team of Ukraine (CERT-UA) in June 2023, highlighting its attacks against state organizations and media entities for espionage purposes.

Housing association Connexus hit by security attack

Connexus has reported an ongoing investigation into an incident involving unauthorized access to its systems. As a precautionary measure, the company has taken its systems offline to safeguard personal data. In a statement released on Monday, Connexus mentioned that its IT teams, in collaboration with relevant agencies, are actively working to assess the extent of the unauthorized access and to determine what information may have been compromised. The priority is to restore systems promptly, and normal service will resume as soon as possible. The company is taking these steps to ensure the security and protection of user data during the investigative and remediation process.

British teenager behind GTA 6 hack receives indefinite hospital order

Arion Kurtaj, an 18-year-old who engaged in a hacking spree, stealing 90 clips of the unreleased Grand Theft Auto 6 game, has been sentenced to an indefinite hospital order. Kurtaj, who is autistic, committed the offenses while on bail for hacking Nvidia and BT/EE. He was also under police protection at a Travelodge hotel when he continued his hacking activities, breaching Rockstar Games, the company behind GTA. Despite having his laptop confiscated, Kurtaj managed to carry out his cyber attack using an Amazon Firestick, his hotel television, and a mobile phone. He breached Rockstar Games’ internal Slack messaging system, threatening to release the source code unless the company contacted him on Telegram within 24 hours. The sentencing underscores the challenges of addressing cybercrimes committed by individuals with complex circumstances and highlights the need for appropriate legal responses in such cases.

INTERPOL Arrests 3,500 Suspects in Sweeping Cybercrime Operation

Interpol, the international police organization, has conducted a major operation resulting in the arrest of nearly 3,500 individuals allegedly linked to cybercrime. The operation, named Haechi IV, was announced on Tuesday and spanned 34 countries. As part of the operation, authorities seized assets worth $300 million. Additionally, over 80,000 suspicious bank accounts were blocked, and government officials were alerted to new types of scams involving artificial intelligence (AI) and fake non-fungible tokens (NFTs). Haechi IV reflects global efforts to combat cybercrime, emphasizing cooperation among law enforcement agencies to address the evolving nature of digital threats. The operation’s success highlights the importance of international collaboration in tackling cybercriminal networks and protecting individuals and organizations from cyber threats.