In this advisory we include information on the discovery of malicious encryptors on Apple computers, Google Chrome zero day vulnerability, and some tips for good data privacy practice.
Discovery of Ransomware Samples in Apple Macs
Samples of ransomware encryptors have been discovered purportedly from the LockBit ransomware gang, marking the first known example of a prominent ransomware group toying with macOS versions of its malware.
LockBit appears to have created both a version of the encryptor targeting newer Macs running Apple processors and older Macs that ran on Apple’s PowerPC chips.
Researchers say the LockBit MacOS encryptors appear to be in a very early phase rather than anything that’s fully functional and ready to be used but it could be an indicator of future plans.
Sources / Further Reading:
https://www.wired.com/story/apple-mac-lockbit-ransomware-samples/
Google Chrome Vulnerability – CVE-2023-2033
On April 14th Google released an emergency security update for a zero day vulnerability in its Chrome desktop browser that it reported is being actively exploited.
The vulnerability, CVE-2023-2033, has a CVSS rating of high and is classified as a confusion flaw located in Chrome’s V8 open-source JavaScript engine. NIST describes exploitation of the flaw as allowing “a remote attacker to potentially exploit heap corruption via a crafted HTML page”.
Impacted Products
Windows, macOS and Linux versions of the Google Chrome desktop browser prior to build version 112.0.5615.121.
Sources / Further Reading
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
https://www.scmagazine.com/news/application-security/zero-day-in-google-chrome-patched-bug-exploited-in-the-wild
Tips for Good Data Privacy Practice
Embedding good privacy practices from the beginning is the most efficient and effective way to protect privacy. Some tips include:
- Develop a privacy policy and make it publicly available, being open and transparent.
- Collect and retain de-identified data where possible, rather than personal information.
- Get the individual’s consent for new uses and sharing of personal information.
- Check the privacy practices of third parties with which you share personal information.
- Collect personal information directly.
- Notify individuals when you collect their personal information, include how and why the information is collected.
- Protect the personal information you hold.
- Be prepared for a data breach, have a response plan in place.
- Practice good privacy governance by implementing operational practices and procedures that support your privacy policies.
