SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Wiper malware disguised as ransomware targets Ukrainian users, government agencies
Description: Several cyber attacks against Ukrainian government websites — including website defacements and destructive wiper malware — have made headlines over the past few weeks as military tensions along the Russian/Ukrainian border have escalated. Cisco Talos research found that The WhisperGate malware has some strategic similarities to the notorious NotPetya wiper that attacked Ukranian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage. The multi-stage infection chain downloads a payload that wipes the MBR, then downloads a malicious DLL file hosted on a Discord server, which drops and executes another wiper payload that destroys files on the infected machines.
IOC hashes to blocklist:
Title: Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data
Description: Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities. This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists in its desktop and mobile operating systems. The issue arises if an attacker tricks a user into opening a specially crafted, malicious file. An attacker could exploit this vulnerability to leak the target’s heap addresses and other information that could aid in further exploitation if the leaked data can be accessed in the context of a vulnerable application.