A series of cyber threats has emerged. A newly discovered spyware campaign, dubbed 'Operation Triangulation,' targets Apple iPhones through a zero-click remote code execution attack chain that exploits four zero-day vulnerabilities, as reported by Ars Technica. The chain includes the use of undocumented MMIO registers and hardware features. Additionally, the ransomware gang ALPHV/BlackCat has announced an expansion of its target range to include nuclear power plants, hospitals, and critical infrastructure. Researchers have revealed that a zero-click iMessage attack, which used four zero-days, has compromised iPhones for over four years, with Kaspersky staff among the victims. A TrueType vulnerability, two kernel exploits, a browser exploit, and an undocumented hardware feature were part of this iMessage exploit. The Qualys Threat Research Unit reported that over a third of high-risk vulnerabilities impact network devices and web applications. In a separate incident, Chinese threat actors exploited a new zero-day vulnerability (CVE-2023-7102) in Barracuda's Email Security Gateway appliances to deploy a backdoor. There are also reports of a collection of zero-day exploits being used in the wild for around a decade, with payloads that use machine learning to interpret and OCR photos on compromised cellphones.
This collection of zero day exploits being used in the wild for perhaps 10 years is wild. Evidently the payload it got onto cellphones also used some kind of machine learning to interpret photos on the device and OCR them. https://t.co/JpGYs1sqaf
"Operation Triangulation" https://t.co/l2BB5xkPLg A newly discovered spyware campaign targeting Apple iPhone using a zero-click remote code execution via an attack chain of 4 zero-days, including highly mysterious, completely undocumented MMIO registers and hardware features… https://t.co/xNHxpSkG33 https://t.co/dSj3NXUXEC https://t.co/VA5TVvX8tf
This iMessage exploit is crazy. TrueType vulnerability that has existed since the 90s, 2 kernel exploits, a browser exploit, and an undocumented hardware feature that was not used in shipped software: https://t.co/YJdY6alLbV https://t.co/aSezqPoJGP
Researchers detail a zero-click iMessage attack that used four zero-days and hacked iPhones for over four years, including dozens belonging to Kaspersky staff (@dangoodin001 / Ars Technica) https://t.co/KW3GbCdDZa 📫 Subscribe: https://t.co/OyWeKSRpIM https://t.co/ywUmTTkkRq
⚠️ALERT: Chinese threat actors exploited a new zero-day #vulnerability (CVE-2023-7102) in Barracuda's Email Security Gateway (ESG) appliances. Learn how they deployed a backdoor on select devices. Read details: https://t.co/KyFWfDZhyd #cybersecurity #hacking
Ransomware gang ALPHV/BlackCat said it was expanding the range of victims its network of affiliates could target to now include nuclear power plants, hospitals and critical infrastructure. #cybersecurity #infosec #ITsecurity #ransomware https://t.co/1g0pk6acGY
A report by the Qualys Threat Research Unit (TRU) has found threat actors taking advantage of zero day vulnerabilities with over a third of high-risk vulnerabilities affecting network devices and web applications. Read more here: https://t.co/9yid9fdks5 #Cybersecurity #InfoSec https://t.co/I9ajO9BWUT