Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Keep your Apple devices up to date automatically
Apple frequently releases product updates and security patches for its devices. To make sure you’re always on the latest version of the operating system for your systems, consider enabling automatic updates. Visit Settings, General, Software Update, Automatic Updates, then turn on Download iPadOS Updates and Install iPadOS Updates. If you are connected to Wifi and your device is plugged in (or your battery is at least 50% charged), you will get the latest patches overnight – without lifting a finger.
Patch now: Apple releases emergency security updates for two zero-day vulnerabilities
Apple has released an emergency security update to fix two zero-day vulnerabilities on iPhones, iPads, and Macs. Apple confirms that they have seen reports that the vulnerabilities may have already been exploited in the wild.
The key vulnerability (coded CVE-2022-32894) addressed in the patch is a bug that could allow a hacker to gain access to the operating system to execute arbitrary code with full access privileges. This “super user” access could allow an attacker to take complete control over a device and its data. A second bug (coded CVE-2022-32893) is a vulnerability in Apple’s WebKit HTML rendering software. A hacker could trick a user into accessing a maliciously crafted website or code to facilitate the compromise of an unpatched system.
Users of the following Apple products are urged to act as soon as possible:
• Upgrade iPhone 6s and later to iOS 15.6.1
• Upgrade iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) to iPadOS 15.6.1
• Upgrade Macs running macOS Monterey to macOS Monterey 12.5.1
The versions listed are effective August 21, 2022. The latest versions of all Apple products are documented at https://support.apple.com/en-ca/HT201222.
Major U.S. freight factoring company recovering from ransomware attack
Texas-based Apex Capital Corp. and its subsidiary TCS Fuel have resumed most of their operations after being victimized by a ransomware attack on August 15. Apex, a full-service freight factoring company that specializes in small to medium-sized trucking companies, originally reported an “unplanned system outage” on August 15. On August 17, Apex president Chris Bozek posted an update confirming that malware was involved. “Apex has experienced a major system outage,” Bozek wrote. “We were infected by malware, and we are continuing to work around the clock to get our systems back online. The good news is our core systems and client databases remain intact and we are successfully bringing our processing back online. However, this continues to be a slow process.”
Chris Courts, president of TCS Fuel posted a virtually identical update on August 17 as well.
By August 21, both companies reported significant progress in resuming operations. Apex announced “good news: we are very close to having a ‘limited’ version of AMP and the mobile app back online. As you would expect, we are going through an intensive testing process to ensure system stability. We will send an update, along with a list of the available features as soon as these systems are online.” Meanwhile, TCS announced “that MyTCSFuel and the TCS mobile app are now available with limited functionality,” with only select payment and reporting services still down.
Ransomware gang BlackByte has claimed responsibility for the attack. A trove of data allegedly belonging to Apex has been offered on BlackByte’s newly revised Tor data leak site. This “BlackByte 2.0” site provides a ransom menu advising that anyone can pay $5,000 (all figures USD) to extend the company’s data release for 24 hours; $300,000 to destroy all the exfiltrated information; or $200,000 to download all of Apex’s data. Neither Apex nor TCS have announced whether a ransom is being considered in the wake of the incident.
BlackByte has been in operation since summer 2021. Their highest-profile cyber attack was against the San Francisco 49ers NFL football club, but they are widely believed to have been behind attacks against critical infrastructure, government facilities, financial services, and food and agriculture concerns as well.
Colorado county computer systems shut down by cyber attack
Another public sector organization fell victim to cyber attack when the computer systems of Fremont County, Colorado were compromised in a security incident on August 17. The attack led to the operational shutdown of the Department of Human Services, Public Health, and the Fremont County Administration Building. The administration building houses numerous services including the county assessor, treasurer, coroner, veterans’ services, and the planning and zoning function. All Fremont County government buildings and computer systems are to remain closed through at least August 22 as recovery efforts continue.
According to a press release from the county, “an incident response team jointly led by Fremont County Emergency Management and the Governor’s Office of Information Technology (OIT) has been mobilized with support from the Colorado Division of Homeland Security and Emergency Management (DHSEM), Colorado State Emergency Operations Center (SEOC) and federal partners.”
As the investigation is still underway, “specifics regarding the nature and cause of the event cannot be disclosed at this time,” according to the announcement, though the authorities have advised that there is no current indication that data was exfiltrated during the attack.
Email and website services for the county remain down as of August 21; the county is using a Google Sites web page to communicate status updates while the primary site remains out of service.
