Sony System Allegedly Hacked: What the Latest Ransomware Attack Means For You

 



Australian cybersecurity publication Cyber Security Connect reported that Sony has been targeted by Ransomed.vc, a hacking group that has been operating since September.
As proof of access, the group allegedly posted screenshots of Sony's internal log-in page, a PowerPoint presentation, Java files, and a document tree containing some 6,000 files.
The gang is believed to have connections to earlier dark web forums and groups.

“We have successfully [compromised] all of [Sony’s] systems,” Ransomed.vc proclaimed. “We won’t ransom them! We will sell the data. Due to Sony not wanting to pay.
DATA IS FOR SALE. WE ARE SELLING IT.”


Among the 6,000 files allegedly contained in the leak are build log files, Java resources, and HTML data, most of them reportedly written in Japanese.
Ransomed.vc has not specified a price for the data, but it has provided contact details for Sony to reach out and indicated a "post date" of September 28,
which may be when the data is released to the public.
Notably, Ransomed.vc is not only a ransomware operator but also a ransomware-as-a-service (RaaS) organization, renting its tooling and infrastructure to affiliates.


This means the group is involved in large-scale intrusions at major corporations both directly and through its affiliates. Reports suggest that Ransomed.vc, which is said to operate from Russia and Ukraine,
is exploiting the EU's General Data Protection Regulation (GDPR) and other data privacy laws: rather than relying on encryption alone, it threatens to report the vulnerabilities and privacy violations it finds in a victim's systems to regulators, using the law itself as extortion leverage.
As Cyber Security Connect reports, the group is using legislation to accomplish its goal.
Sony released a statement to IGN on September 26 saying that it is investigating the claims and has no further comment at this time.

Apple rushes to fix zero-day vulnerabilities used to deliver Pegasus spyware to iPhones


Apple has released security patches for iOS, iPadOS, macOS, and watchOS to address two zero-day vulnerabilities that were being exploited to deliver NSO Group's Pegasus spyware.

The two vulnerabilities are:
  • CVE-2023-41061: a validation issue in Wallet; processing a maliciously crafted attachment may lead to arbitrary code execution.
  • CVE-2023-41064: a buffer overflow in the Image I/O component; processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2023-41061 was identified internally by Apple with "assistance" from the Citizen Lab, while CVE-2023-41064 was discovered by the Citizen Lab at the University of Toronto's Munk School.

The updates are available for the following devices and operating systems:
  • iOS 16.6.1 and iPadOS 16.6.1: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • macOS Ventura 13.5.2: Macs running macOS Ventura
  • watchOS 9.6.2: Apple Watch Series 4 and later
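For a defender, the update list above translates into one question: which devices in the fleet are still exposed? The script below is an added example written for this page, not Apple's or Citizen Lab's code. It takes the minimum fixed versions from the list above and triages a constructed device inventory; the (device id, platform, version) row format is an assumption standing in for whatever an MDM export provides. It compares versions numerically rather than as strings (so 16.10 is correctly newer than 16.6.1 and 16.6 is correctly older), and it reports "unknown" rather than guessing for devices on a release train the list does not cover, such as a Mac on macOS 12, because the list only states a fix for Ventura.

```python
"""Patch-status triage for the BLASTPASS fixes (CVE-2023-41061, CVE-2023-41064).

Added example for this page, not Apple's or Citizen Lab's code. The minimum
fixed versions are taken from the update list above; the inventory rows are
constructed, and the (device id, platform, version) row shape is an assumption.
"""
from typing import Optional

# Minimum OS versions carrying the fixes, per the update list above.
FIXED_VERSIONS = {
    "iOS": (16, 6, 1),
    "iPadOS": (16, 6, 1),
    "macOS": (13, 5, 2),   # stated only for Ventura, so only the 13.x train is known
    "watchOS": (9, 6, 2),
}

# Constructed inventory rows: (device id, platform, OS version as reported by the device).
SAMPLE_INVENTORY = [
    ("iphone-01", "iOS", "16.6.1"),
    ("iphone-02", "iOS", "16.6"),      # "fully patched" before the fix; still exploitable by BLASTPASS
    ("ipad-03", "iPadOS", "16.10"),    # newer than 16.6.1 even though the string is shorter
    ("mac-04", "macOS", "13.5.2"),
    ("mac-05", "macOS", "13.5.1"),
    ("watch-06", "watchOS", "9.6.2"),
    ("watch-07", "watchOS", "9.6"),
    ("mac-08", "macOS", "12.6.9"),     # Monterey: the list above says nothing about it
]


def parse_version(version: str) -> tuple:
    """Turn '16.6.1' into (16, 6, 1) so versions compare numerically, not as strings.

    String comparison would rank '16.10' below '16.6.1'; tuple comparison gets
    this right, and a shorter tuple such as (16, 6) sorts before (16, 6, 1).
    """
    return tuple(int(part) for part in version.strip().split("."))


def patch_status(platform: str, version: str) -> Optional[bool]:
    """True if the device is at or above the fixed version, False if below,
    None if the list above gives no fixed version for this platform or release train."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        return None
    try:
        current = parse_version(version)
    except ValueError:
        return None  # unparseable version string: never silently count it as patched
    if current[0] != fixed[0]:
        # A different major release (e.g. macOS 12 vs the Ventura 13.5.2 fix listed):
        # the list above does not say whether it received a fix, so do not guess.
        return None
    return current >= fixed


def patch_triage(inventory) -> dict:
    """Bucket inventory rows into patched / vulnerable / unknown device ids."""
    buckets = {"patched": [], "vulnerable": [], "unknown": []}
    for device_id, platform, version in inventory:
        status = patch_status(platform, version)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        buckets[key].append(device_id)
    return buckets


if __name__ == "__main__":
    for bucket, devices in patch_triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(devices) or '-'}")
```

The "unknown" bucket is deliberate: a triage script that only answers yes/no will quietly mark every device on an older major release as vulnerable (or worse, as fine), when the honest answer is that the advisory text does not say. Those devices need a separate check against Apple's release notes for their own release train.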

Citizen Lab found the two flaws while analysing a zero-click iMessage exploit chain it calls BLASTPASS, which can deploy Pegasus on fully patched iPhones running iOS 16.6 without any interaction from the victim. The exploit uses PassKit attachments containing malicious images, sent from an attacker-controlled iMessage account to the target. Technical details have been withheld because of active exploitation, but the chain bypasses BlastDoor, the sandbox framework Apple introduced to mitigate zero-click attacks.

Citizen Lab disclosed the finding after examining the device of an individual employed by a Washington, D.C.-based civil society organization with international offices, another instance of mercenary spyware and sophisticated exploits being aimed at civil society.

Since the beginning of the year, Apple has patched 13 zero-day flaws in its software; the latest fixes come a little more than a month after it addressed an actively exploited kernel issue. The disclosures coincide with the Chinese government banning iPhones and other foreign-branded devices for use by government officials, a move intended to reduce reliance on overseas technology amid the Sino-U.S. trade war.

Security researcher Zuk Avraham argues that iPhones, despite their reputation as the most secure phones, are not safe against even simple espionage. He points to the number of zero-click exploits commercial surveillance companies have fielded over the years as evidence of how little protection the platform offers against cyber espionage.

VMConnect Supply Chain Threat

In recent months the VMConnect supply chain attack, a campaign of malicious packages published to the PyPI registry, has kept resurfacing. This post aims to provide a professional yet easily understandable overview of this ongoing threat.

Understanding the VMConnect Supply Chain Attack


The VMConnect supply chain attack targets the software supply chain by seeding trusted package repositories and distribution channels with malicious packages that imitate legitimate ones. Because the packages arrive through channels developers already trust, the attack is hard to detect.
Diving into details
Researchers have found that the people behind this operation go to considerable lengths to make their packages look genuine: they set up GitHub repositories with realistic descriptions and even include legitimate source code.

  • The most recently identified packages are Tablediter (736 downloads), Request-Plus (43 downloads), and Requestspro (341 downloads).
  • The first poses as a tool for editing tables, while the other two mimic the widely utilized
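Names like Request-Plus and Requestspro are chosen to be mistaken for the genuine package, so a cheap defensive control is to check every dependency name against a list of widely used packages before anything is installed. The script below is an added example written for this page, not ReversingLabs' tooling. The popular-package list and the requirements file are constructed for the example. It flags Request-Plus and requestspro as lookalikes of requests; it does not flag tablediter, because the page names no specific package it imitates and a descriptive lure name has no edit-distance relationship to anything, which is exactly the limit of name-based heuristics.

```python
"""Lookalike-name triage for Python dependencies.

Added example for this page, not ReversingLabs' tooling. Flags dependency
names that imitate widely used packages, in the style of the VMConnect
packages above. POPULAR_PACKAGES and SAMPLE_REQUIREMENTS are constructed.
"""
import re

# Constructed: a few widely used PyPI project names worth protecting.
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "pandas", "tabulate", "pyyaml"]

# Constructed requirements.txt contents, including the VMConnect lookalikes named above.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Request-Plus      # lookalike of requests
requestspro       # lookalike of requests
tablediter        # descriptive lure; no known target name
numpy>=1.25
"""


def normalize(name: str) -> str:
    """PEP 503 name normalization: lower-case, and runs of '-', '_' or '.' become one '-'.
    PyPI treats Request_Plus, request.plus and request-plus as the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), classic row-by-row DP."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # delete ca
                               current[j - 1] + 1,              # insert cb
                               previous[j - 1] + (ca != cb)))   # substitute
        previous = current
    return previous[-1]


def parse_requirements(text: str) -> list:
    """Extract bare project names; comments and version specifiers are dropped."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.append(match.group(0))
    return names


def lookalike_of(name: str, popular=POPULAR_PACKAGES, max_distance: int = 2):
    """Return the popular package `name` appears to imitate, or None.

    The genuine package is never a lookalike. Otherwise a name is suspicious when
    it is within `max_distance` edits of a popular name (typo-squats such as
    'requets'), or when it is a popular name with extra characters bolted on
    ('requestspro', 'request-plus').
    """
    candidate = normalize(name)
    if any(candidate == normalize(p) for p in popular):
        return None
    squashed = candidate.replace("-", "")
    for p in popular:
        pn = normalize(p)
        if edit_distance(candidate, pn) <= max_distance:
            return p
        # Bolt-on check: 'request' in 'requestplus'. Only applied to stems long
        # enough that a substring hit is unlikely to be a coincidence.
        stem = pn.rstrip("s")
        if len(stem) >= 5 and stem in squashed:
            return p
    return None


def typosquat_triage(requirements_text: str) -> dict:
    """Map each suspicious dependency name to the popular package it resembles."""
    findings = {}
    for name in parse_requirements(requirements_text):
        target = lookalike_of(name)
        if target is not None:
            findings[name] = target
    return findings


if __name__ == "__main__":
    for bad, good in typosquat_triage(SAMPLE_REQUIREMENTS).items():
        print(f"{bad!r} resembles {good!r}: verify the project before installing")
```

Treat the output as a review queue, not a block list: an edit distance of 2 on short names produces false positives (numba is two edits from numpy), and the bolt-on check will fire on legitimate extension packages such as pandas-stubs. In a CI pipeline the sensible pairing is an allowlist of reviewed names plus a hard failure for anything new that this check flags, so that a lookalike has to be explicitly approved by a human before it reaches a build.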



Attributions

  • ReversingLabs was unable to positively identify the threat actor behind this campaign, but CrowdStrike's analysts attributed the malware with confidence to Labyrinth Chollima, a subgroup of the North Korean state-sponsored Lazarus Group.
  • JPCERT/CC had separately connected a related attack to DangerousPassword, another Lazarus Group affiliate.
  • These attributions, along with the striking code similarities between the packages discovered in the VMConnect campaign and those detailed in JPCERT/CC's investigation, led researchers to conclude that the same threat actor is behind both.

Conclusion

The VMConnect supply chain attack is a persistent threat that demands vigilance and proactive security measures from organizations. By staying informed and taking steps to secure your software supply chain, you can better protect your systems and data from this evolving danger.
