⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

Hey ? there, cyber friends!

Welcome to this week’s cybersecurity
newsletter, where we aim to keep you informed and
empowered in the ever-changing world of cyber threats.

In today’s edition, we will cover some interesting developments
in the cybersecurity landscape and share some insightful analysis
of each to help you protect yourself against potential attacks.

1. Apple ? Devices
Hacked with New Zero-Day Bug – Update ASAP!^[1]

Have you updated your Apple devices lately? If not, it’s time to
do so, as the tech giant just released security updates for iOS,
iPadOS, macOS, and Safari. The update is to fix a zero-day
vulnerability that hackers have been exploiting.

This vulnerability, tracked as CVE-2023-23529, is related to a
type confusion bug in the WebKit browser engine. What does this
mean? Well, it means that if you visit a website with malicious
code, the bug can be activated, leading to arbitrary code
execution. In other words, hackers can take control of your device
and access all your data.

It’s scary to think that simply visiting a website could lead to
a security breach. This is why it’s essential to keep your devices
updated with the latest security patches.

2. Don’t Be
the Next Victim: ESXiArgs Ransomware ? Strikes 500+ New European
Targets^[2]

Another expertly-crafted comprehensive coverage by Ravie
Lakshmanan.

In a recent discovery by cybersecurity firm Censys, more than
500 hosts have fallen victim to the ESXiArgs ransomware strain.
Most of these compromised hosts are located in France, Germany, the
Netherlands, the U.K., and Ukraine. What’s particularly concerning
is that Censys found two hosts with ransom notes dating back to
mid-October 2022, shortly after ESXi versions 6.5 and 6.7 reached
their end of life.

This means that the attackers behind ESXiArgs have been active
for several months, and were able to gain a foothold in these hosts
during a time when they were no longer receiving security updates
or patches. It also shows that ransomware attacks can take a while
to gain traction, and can often go undetected for months before
they are discovered.

What’s even more alarming is that the ransom notes on the two
hosts were updated on January 31, 2023, with a revised version that
matches the ones used in the current wave of attacks. This suggests
that the attackers have been refining their tactics and improving
their ransomware strain to make it more effective.

Ransomware attacks like ESXiArgs can be devastating for
organizations, causing data loss, financial losses, and
reputational damage. It’s important for organizations to stay
vigilant and ensure that their systems are always up to date with
the latest security patches and updates.

Additionally, having a solid backup and disaster recovery plan
can help organizations quickly recover from an attack and minimize
its impact.

3. DDoS Attack Breaks
Record – 71 Million ? Requests Per Second!^[3]

Cloudflare, a web infrastructure company, has reported that they
have successfully stopped a massive distributed denial-of-service
(DDoS) attack. This attack, which peaked at over 71 million
requests per second, is the largest HTTP DDoS attack that has been
recorded so far, breaking the previous record of 46 million
requests per second.

The attack was so large that Cloudflare has dubbed it a
“hyper-volumetric” DDoS attack. The attack was targeted at websites
that were secured by Cloudflare’s platform, and it is believed that
the attack originated from a botnet that was made up of more than
30,000 IP addresses from various cloud providers.

This attack is a reminder that DDoS attacks remain a significant
threat to websites and online services, and it is crucial for
companies to have robust security measures in place to protect
against such attacks.

4. Microsoft ?️
Releases Urgent Patches – Update Your Windows ASAP!^[5]

Microsoft has been busy this week, releasing security updates to
fix a whopping 75 vulnerabilities in its products. That’s a lot of
potential ways for cybercriminals to wreak havoc on our devices and
systems!

Three of the flaws have already been exploited in the wild, so
it’s crucial that users update their software as soon as possible.
In total, nine of the vulnerabilities are rated as Critical, which
means they could allow attackers to take over a device
remotely.

But wait, there’s more! 37 of the flaws are what are known as
remote code execution (RCE) vulnerabilities. These are particularly
dangerous because they allow attackers to execute code on a
victim’s device without any interaction or permission.

So, if you’re using any Microsoft products, it’s best to update
them as soon as possible.

5. Linux ? and IoT
Devices Under Attack by V3G4 Mirai Botnet^[6]

A new variant of the infamous Mirai botnet has been spotted
wreaking havoc in the world of Linux and IoT devices. This new
version, dubbed V3G4 by the experts at Palo Alto Networks Unit 42,
is making use of 13 security vulnerabilities to spread itself far
and wide.

As we know, the Mirai botnet has a notorious history, having
been responsible for several high-profile attacks in the past. This
new variant only serves to underscore the importance of keeping our
devices and systems up to date with the latest security patches and
measures.

6. Your Favorite Apps
Could be Carrying a Dangerous Virus – ? Stay Alert!^[7]

Cybercriminals have launched a new type of attack targeting
Chinese-speaking individuals in Southeast and East Asia. Using
rogue Google Ads, they are tricking people looking for popular
applications like Google Chrome, WhatsApp, and Skype and directing
them to fake websites that download malware onto their
machines.

The attacks are particularly insidious because they use
seemingly legitimate Google Ads to lure in victims. The malware
being downloaded is a remote access trojan called FatalRAT, which
gives the attackers complete control over the infected machine.

Security researchers are urging people to be cautious when
downloading applications, especially from unfamiliar websites.

Well folks, that’s all for this week’s cybersecurity
newsletter.

As always, remember that cybersecurity is not just a one-time
event or a quick fix. Whether it’s using strong passwords,
regularly updating your software, or staying aware of phishing
scams, every small action can make a big difference in safeguarding
your online security.
So keep those firewalls up, keep those updates coming, and let’s
continue to stay curious, stay vigilant, and stay safe in the
ever-changing digital landscape.

And above all, remember that cybersecurity is a community
effort. We appreciate your readership and feedback and are always
here to answer your questions and address your concerns. Please let
us know if you have any suggestions for topics you’d like us to
cover in future newsletters.

Thank you for joining us on this cybersecurity journey, and we
look forward to sharing more insights and updates with you in the
weeks ahead. Until next time, stay cyber-secure!