Discover our Cybernews September 2023 infographic, a recap of cybersecurity news from the month of September 2023.
iOS: An urgent update against Pegasus spyware
Pegasus spyware, marketed by the Israeli company NSO Group, has been found in version 16.6 of iOS. The intrusion uses a new “zero-click” flaw, called Blastpass.
Two flaws have been discovered:
- CVE-2023-41064: Buffer overflow in the Image I/O component, allowing arbitrary code to be executed using a simple image
- CVE-2023-41061: A flaw in the “Wallet” application allowing the execution of arbitrary code via a PassKit attachment
Apple had to react quickly by releasing an update for iOS, iPadOS, macOS Ventura 13.5.2 and watchOS 9.6.2.
Security flaw for Apache Commons
The Federal Office for Information Technology Security has issued a security advisory concerning a vulnerability in Apache Commons.
This security flaw affects Linux and Windows operating systems, as well as the Apache Commons product.
The manufacturer strongly recommends updating Apache Commons.
The vulnerability, CVE-2023-42503, allows a cyber-attacker to carry out a Denial of Service attack.
Here are the characteristics of the CVE:
- Risk level: 3 (medium)
- CVSS Base Score: 7.5
- CVSS temporal score: 6.5
- Remote attack: Yes
Google Chrome and its flaws
The problem with Chrome extensions
Researchers in the United States have created an extension for the Google Chrome browser and uploaded it to the Chrome Store.
In their experiment, they discovered that Chrome’s extension authorization system allows cybercriminals to steal user IDs and other sensitive information directly from the source code in plain text.
According to the researchers, 190 extensions that have been downloaded more than 100,000 times attempt to exploit the security flaw.
At the end of September, Google had to urgently deploy a patch for its Chrome browser.
The flaw, referenced as CVE-2023-5217, is a heap buffer overflow in the VP8 video codec.
This allows cyber criminals to remotely execute code or install spyware.
The Open-Source software “libwebp”
The Chrome, Firefox, Brave and Edge browsers have been urgently updated following the discovery of a serious security flaw.
This vulnerability (CVE-2023-4863) allows cybercriminals to access sensitive user data.
The flaw lies in the open-source software “libwebp”, which reads and displays image files in “WebP” format.
Criminals can manipulate WebP images in such a way as to cause “libwebp” to malfunction. This enables cybercriminals to use malicious code to install malware or gain direct access to data.
CoinEx and the theft of cryptocurrencies
On September 12, 2023, the crypto exchange CoinEx, a global cryptocurrency exchange platform between professionals, suffered a computer intrusion into its “hot wallets”, cryptocurrency wallets connected to the Internet.
Hackers managed to infiltrate “hot wallets” thanks to the compromise of private keys.
Hackers managed to steal $70 million in cryptocurrencies in Bitcoin, Ethereum, and others.
It appears that the North Korean hacker group Lazarus is behind this cyber attack.
CoinEx assured that customers would be 100% compensated and temporarily blocked all withdrawals from customer accounts.
Security flaw affects generative AI
A security flaw has been discovered in generative AIs such as ChatGPT and Google Bard. It is exploited through a prompt injection attack, which makes it possible to bypass the linguistic restrictions implemented by generative AI.
Indeed, users can manipulate the chatbot to use it for malicious purposes and push it to generate illegal or even dangerous content.
In this way, AI can explain how to create cocaine, how to carry out a phishing attack or even how to commit murder.
Hackers can use an indirect attack to steal company data or install malware on a target.
The International Criminal Court in The Hague, victim of an intrusion
On September 19, 2023, the International Criminal Court (ICC), based in the Netherlands in the city of The Hague, declared that it had suffered a computer intrusion during the week of September 11.
No further details were leaked or disclosed. The ICC only said that it immediately responded by adopting measures and tools to strengthen its IT security.
The Criminal Court office said it was searching for and prosecuting the perpetrators of the cyber attack.
In Strasbourg, a hospital group is the victim of a cyberattack
On the night of Wednesday, September 6, the IT system of Strasbourg-based Groupe hospitalier Saint-Vincent suffered a cyberattack.
The hospital group had to operate in downgraded mode in order to continue caring for patients from the 30 healthcare establishments.
All systems and applications have been disconnected from the Internet. As a result, patients had to fill in forms, medication was prescribed on paper and handwritten, and mailboxes, printers and transfer software stopped working for several days at a time.
Paw Patrol cookie QR codes link to pornographic sites
In the UK, German retailer Lidl has had to recall all available and marketed stock following the hacking of QR codes on packs.
Indeed, after scanning the QR code on the packets, the children and buyers of these products landed on a site displaying pornographic content.
Before it was hijacked, the site belonged to the company responsible for Paw Patrol marketing, which was dissolved in June 2022.