Cybersecurity: The Good, the Bad, the Ugly – Stay Protected

May 11, 2024

TLDR:

  • International enforcement agencies condemn GRU-linked threat actors and identify LockBit ransomware administrator.
  • New malware “Cuckoo” acts as spyware on macOS devices, targeting sensitive data.
  • F5 releases fixes for high-severity vulnerabilities in BIG-IP Next Central Manager that leave devices open to remote exploits.

In week 19 of cybersecurity, international law enforcement agencies took a hard stance against GRU-linked threat actors, formally condemning APT28, and identified and sanctioned the administrator of LockBit ransomware. APT28, known for cyber espionage campaigns against European countries, was highlighted for attacks on government agencies and critical infrastructure using a zero-day vulnerability in Microsoft Outlook. The administrator of LockBit ransomware, Dmitry Yuryevich Khoroshev, is being sanctioned for his role in the group’s rise to become one of the world’s most prolific ransomware variants.

An emerging malware called “Cuckoo” is targeting macOS devices, acting as spyware by stealing sensitive data and establishing persistence through a LaunchAgent that runs every 60 seconds during login. The malware abuses osascript to gather information and harvests data from various sources, including iCloud Keychain, Apple Notes, and popular apps. SentinelLabs reports a rise in Cuckoo samples and trojanized apps, with new variants appearing daily, posing a threat to macOS security.
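
A defender-side check for the persistence pattern described above, added here as an example and not taken from SentinelLabs or the original post: it flags LaunchAgent plists that relaunch every 60 seconds or less. The executable-location heuristics, function names and sample plists are assumptions constructed for illustration.

```python
import plistlib
from pathlib import Path

# Assumed triage heuristics, not indicators published for Cuckoo.
RISKY_DIRS = ("/tmp/", "/private/tmp/", "/Users/Shared/")

def audit_launch_agent(data: bytes, max_interval: int = 60) -> list[str]:
    """Return reasons a LaunchAgent plist deserves a closer look."""
    try:
        job = plistlib.loads(data)
    except Exception:  # malformed XML or binary plist
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    findings = []
    interval = job.get("StartInterval")
    # bool is a subclass of int, so exclude it explicitly
    if isinstance(interval, int) and not isinstance(interval, bool) and 0 < interval <= max_interval:
        findings.append(f"relaunches every {interval}s")
        if job.get("RunAtLoad") is True:
            findings.append("starts at load and repeats")
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    exe = str(args[0]) if args else ""
    # Hidden path components and world-writable directories are unusual for agents
    if exe.startswith(RISKY_DIRS) or any(p.startswith(".") for p in Path(exe).parts):
        findings.append(f"executable in unusual location: {exe}")
    return findings

def scan_dir(directory) -> dict[str, list[str]]:
    """Audit every *.plist in a LaunchAgents directory; keep only flagged ones."""
    results = {}
    for plist in sorted(Path(directory).glob("*.plist")):
        findings = audit_launch_agent(plist.read_bytes())
        if findings:
            results[plist.name] = findings
    return results

# Constructed samples (labels and paths are invented for this example).
SUSPECT = plistlib.dumps({"Label": "com.example.helper", "RunAtLoad": True, "StartInterval": 60,
                          "ProgramArguments": ["/Users/alice/.hidden-example/helper"]})
BENIGN = plistlib.dumps({"Label": "com.example.sync", "RunAtLoad": True,
                         "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/sync"]})

if __name__ == "__main__":
    for d in (Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")):
        if d.is_dir():
            for name, why in scan_dir(d).items():
                print(d / name, "->", "; ".join(why))
```

A flagged plist is a lead for review, not a verdict: legitimate agents also use short intervals, so check the referenced executable's signature and origin before acting.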

F5 released fixes for two high-severity vulnerabilities in BIG-IP Next Central Manager that allow the execution of malicious SQL commands through the API. These vulnerabilities could lead to remote exploits and device takeovers, posing significant risks to the security of web applications. Users are advised to patch immediately or restrict access to trusted users until updates can be installed, following a history of critical-level F5 flaws in recent years.
