Apple issues urgent updates to fix new zero-day linked to Pegasus spyware
Apple released emergency security updates Monday after it was discovered that an Israeli cyber surveillance company’s spyware could infect iPhones and other devices without the owner even clicking on a link. Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The updates are in response to a zero-day exploit called “FORCEDENTRY” (aka Megalodon) that was weaponized by Israeli surveillance vendor NSO Group and allegedly used to install Pegasus spyware on the phones of activists in Bahrain. Apple iPhone, iPad, Mac, and Apple Watch users are advised to immediately update their software to mitigate any potential threats arising out of active exploitation of the flaws.
(The Hacker News and Axios)
Update Google Chrome to patch 2 new zero-day flaws under attack
On Monday Google released security updates for its Chrome web browser to address “a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.” The two, CVE-2021-30632 and CVE-2021-30633, are “an out-of-bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively.” Chrome users are urged to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux to mitigate the risk associated with the flaws.
New Zloader attacks disable Windows Defender to evade detection
According to Microsoft, its Defender Antivirus (formerly Windows Defender) is an anti-malware solution installed on more than 1 billion systems that run Windows 10. An ongoing campaign using the banking trojan Zloader uses a new infection chain that disables Defender to evade detection. The attackers have also changed the malware delivery vector from spam or phishing emails to TeamViewer Google ads published through Google Adwords, which redirect targets to fake download sites. From there, targets are tricked into downloading signed, malicious MSI installers designed to install Zloader malware payloads on their computers.
Walmart hoax causes Litecoin to spike 20%
A fake press release, issued by GlobeNewswire, claimed Walmart had announced a significant partnership with Litecoin. The news caused Litecoin to spike and then quickly tank after it was exposed as a hoax. According to some reports, Litecoin (LTC-USD) spiked by 25% in under half an hour, spurring LTC up from $174 to a “session high of $232.” Experts quickly pointed out inconsistencies in the press release, noting how critical it is to conduct thorough research before falling for entirely fabricated news presented as fact.
WooCommerce multi-currency bug allows shoppers to change ecommerce pricing
According to Threatpost, “WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato allows e-tailers using WooCommerce to set pricing for international shoppers” by automatically detecting a customer’s location and displaying prices in the appropriate currency, with the exchange rate either set manually or automatically using current exchange rates. Experts at the Ninja Technologies Network (NinTechNet) say “the issue is a broken access-control vulnerability in version 2.1.17 and below, impacting Multi Currency’s “Import Fixed Price” feature, which allows eCommerce sites to set custom prices, thus overwriting any prices calculated automatically by exchange rate.”
Close to half of on-prem databases contain vulnerabilities, with many critical flaws
A five-year study conducted by Imperva shows that half of all businesses using on-premise servers contain vulnerabilities that may be prone to exploitation. The study, which was released on Tuesday, analyzed 27,000 databases and their security posture. “In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities. On average, each database contained 26 security flaws, with 56% ranked as a “high” or “critical” severity bug, including code execution vulnerabilities that can be used to hijack an entire database and the information contained within.” The report shows that a simple Shodan scan can find a target and execute a malicious payload. “This indicates that many organizations are not prioritizing the security of their data and neglecting routine patching exercises,” Imperva says. “Based on Imperva scans, some CVEs have gone unaddressed for three or more years.”
(ZDNet)
Alibaba slides on report China plans to break up payment app
According to the Financial Times, “shares in Chinese technology giant Alibaba have fallen sharply after a report that its financial affiliate Ant Group is again under scrutiny.” Regulators are seeking to break up Alipay, China’s largest payments app, which has more than a billion users, in order to create a separate platform for the app’s profitable lending operation. This would be the latest move by Beijing to tighten its grip on big businesses, and “Ant could also be forced to hand over the user data that underpins its loans decisions to a new credit scoring firm, which would be partly state-owned,” the report said.
(BBC News)
Brits open doors for tech-enabled fraudsters because they ‘don’t want to seem rude’
According to the trade association UK Finance, “the number of impersonation scam cases more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.” The association believes the frauds – delivered by text, email, or voice calls – have duped “even the savviest” Brits out of almost £200m over the last year. “SMS phishing (smishing) attacks in the UK grew by nearly 700 per cent in the first half of 2021 compared to the previous six months.”






