
Cyware Daily Threat Intelligence


Daily Threat Briefing September 28, 2023

Today’s cyber threat intel roundup includes a series of security patches rolled out by different software companies. While Apple announced the release of macOS 14 Sonoma with fixes for more than 60 vulnerabilities, Mozilla released a stable version of Firefox 118 that addresses nine security flaws. Furthermore, Google issued an emergency security patch for the fifth Chrome zero-day vulnerability that has been exploited in the wild since the beginning of 2023.

Besides these, there is a report on misconfiguration issues in a third-party data logging app used by Tesla owners. Researchers found that the app has been leaking large amounts of Tesla vehicle data, which threat actors could use to launch malicious attacks.

Top Breaches Reported in the Last 24 Hours

Johnson Controls suffers ransomware attack

Johnson Controls International suffered a massive ransomware attack that affected its subsidiaries’ operations, the company’s devices, and VMware ESXi servers. While the company is actively mitigating the impacts, the websites of many of its subsidiaries, including York, Simplex, and Ruskin, have begun displaying technical outage messages on website login pages and customer portals.

Misconfigured TeslaMate leaks data

Redinent identified more than 1,400 misconfigured TeslaMate instances that could expose large amounts of Tesla vehicle data on the internet. This puts users at risk, as attackers with access to this information can use it to track a car’s live location and even launch malicious attacks.

Update on Microsoft email platform breach

In the latest development, the U.S. State Department shared that Chinese hackers managed to steal 60,000 emails from 10 of its accounts in the Microsoft Exchange breach earlier this year. Nine of those account holders were working on East Asia and the Pacific, and one worked on Europe.

Internet-connected devices expose data

Nearly 314,000 distinct computers and other internet-connected devices have been found exposing millions of files on the internet. Some of these files were database backups, while many were spreadsheets on financial data. Thousands of other files contained authentication and credential data.

Update on Pareto breach

In a public notice, ChildFund New Zealand revealed that it was one of 70 charities impacted by the Pareto breach. The data accessed includes titles, names, postal addresses, and phone numbers of donors. Investigations are underway.

Cisco routers breached to target firms

In a joint advisory issued by the NSA, the FBI, the CISA, and Japan’s NISC, the agencies disclosed that the BlackTech APT group has been modifying Cisco router firmware to conceal its activity while targeting companies based in the U.S. and Japan. The attackers compromised several Cisco routers using variations of a customized firmware backdoor that could be enabled and disabled through specially crafted TCP or UDP packets.

Top Malware Reported in the Last 24 Hours

Malicious npm and PyPI packages

Researchers unearthed several malicious packages on the npm and PyPI repositories that were designed to steal a wide range of sensitive data from developers. The campaign was first observed on September 12 and, since then, the attackers have uploaded 45 packages to npm (40) and PyPI (5). This indicates a rapid evolution of the attack.

Top Vulnerabilities Reported in the Last 24 Hours

Google addresses the fifth zero-day

Google issued a security patch for the fifth Chrome zero-day vulnerability exploited in the wild since the beginning of 2023. Tracked as CVE-2023-5217, the flaw is caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library. The flaw can be abused to cause arbitrary code execution or an application crash. In one instance, the flaw was abused by threat actors to install spyware.

A stable version of Firefox 118 released

Mozilla released a stable version of Firefox 118 with fixes for a total of nine vulnerabilities. Two of these vulnerabilities (tracked as CVE-2023-5168 and CVE-2023-5169) affect the browser’s FilterNodeD2D1 and PathOps components. Other vulnerabilities are related to use-after-free and remote code execution flaws. These security updates were issued for both Firefox and Thunderbird.

New PoC for RCE flaw released

Researchers released a new RCE exploit chain code for two vulnerabilities affecting Microsoft SharePoint Server. One of these is a privilege escalation vulnerability (CVE-2023-29357), while the other is a remote code execution vulnerability (CVE-2023-24955) that was patched in May. Making matters worse, Censys revealed that there are currently more than 100,000 Internet-exposed SharePoint servers that could be affected by the flaws.

Two flaws patched in a plugin

The Simple Membership plugin for WordPress is affected by two new security flaws that can lead to potential privilege escalation issues. Tracked as CVE-2023-41956 and CVE-2023-41957, these flaws affect versions prior to 4.3.4 and have been fixed with the release of version 4.3.5.

Apple releases macOS 14 Sonoma

macOS 14 Sonoma has been officially released by Apple with patches for over 60 vulnerabilities. The flaws can be exploited to obtain sensitive information, execute arbitrary code, escape the sandbox, cause a DoS condition, bypass security mechanisms, and conduct UI spoofing. Some of these flaws can be triggered through specially crafted websites.
