Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
Apple released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.
The two issues are:
- CVE-2022-32893 – An out-of-bounds issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content
- CVE-2022-32894 – An out-of-bounds issue in the operating system’s Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges
Apple said it addressed both issues with improved bounds checking, adding that it is aware the vulnerabilities “may have been actively exploited.”
The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it’s likely that they were abused as part of highly targeted intrusions.
Both vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). On 25th August, Apple also released a security update for the Safari web browser (version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.
CTRL Group recommends updating Apple devices to the latest versions of iOS, iPadOS and macOS to mitigate potential exploitation attempts.
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems.
Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.
At its core, the security weakness is a case of authenticated remote code execution that can be triggered via the GitHub import API. Successful exploitation of the critical flaw could enable a malicious actor to run malicious code on the target machine, inject malware and backdoors, and seize complete control of the susceptible devices. There is no evidence that the issue is being exploited in the wild.
While the issue has been resolved in versions 15.3.1, 15.2.3, and 15.1.5, users also have the option of securing against the flaw by temporarily disabling the GitHub import option.
CTRL Group recommends that users running an affected installation update to the latest version as soon as possible, or temporarily disable the GitHub import option by following the steps below:
- Click “Menu” -> “Admin”
- Navigate to “Settings” -> “General”
- Expand the “Visibility and access controls” tab
- Under “Import sources” disable the “GitHub” option
- Click “Save changes”
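To decide which instances need the patch or the workaround first, the affected ranges quoted above can be checked against an inventory of version strings. This is an added example, not GitLab's or CTRL Group's code; the hostnames and the inventory format are constructed for illustration.

```python
import re

# Affected ranges for CVE-2022-2884 as stated in the text above
# (lower bound inclusive, upper bound exclusive):
# 11.3.4 before 15.1.5, 15.2 before 15.2.3, 15.3 before 15.3.1
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '15.2.1-ee' or 'v15.3'."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True if the version falls inside any affected range."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'PATCH' or 'ok'; unparseable versions need a manual check."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "PATCH" if is_affected(version_text) else "ok"
        except ValueError:
            result[host] = "CHECK MANUALLY"
    return result


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are illustrative only.
    sample = {
        "gitlab-a.example.internal": "15.1.4-ee",
        "gitlab-b.example.internal": "15.2.3",
        "gitlab-c.example.internal": "15.3.0",
        "gitlab-d.example.internal": "11.3.3",
        "gitlab-e.example.internal": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Edition suffixes such as "-ee" are ignored, so CE and EE builds are treated alike, matching the advisory's scope.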
Hackers Breach LastPass Developer System to Steal Source Code
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information.
The security breach is said to have occurred around mid-August 2022, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen.
According to LastPass, an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Amid an ongoing investigation into the incident, the company said it has engaged the services of a leading cybersecurity and forensics firm and that it has implemented additional countermeasures.
LastPass, however, did not elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that the break-in had no impact on users’ master passwords, adding there is no evidence of further malicious activity.
CTRL Group recommends using MFA and following the updated guidelines given by LastPass on this incident.