Apple releases emergency update for iPhones, iPads, and Apple Watch
The patches, iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, address a serious zero-day vulnerability in all three platforms. The flaw, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine. It is being actively exploited and may be used to carry out malicious actions such as directing users to phishing sites. Underlining the seriousness of this vulnerability is the fact that Apple has pushed out iOS 12.5.2 for older devices as well.
(ZDNet)
Android system update may contain spyware
Researchers have discovered a new information-stealing trojan that targets Android devices with an onslaught of data-exfiltration capabilities, from collecting browser searches to recording audio and phone calls. This sophisticated new malicious app masquerades as a System Update application to take control of compromised devices. The identity of the malware authors, the targeted victims, and the ultimate motive behind the campaign remain unclear as yet.
Senators offer to let NSA hunt cyber actors inside the US
A bipartisan group of senators offered to help expand the National Security Agency’s authority, allowing the spy agency to hunt domestically for signals intelligence against foreign adversaries that U.S. officials have said are behind a string of recent attacks, like SolarWinds and the Microsoft Exchange Servers hacks. Gen. Paul Nakasone, who leads both the NSA and U.S. Cyber Command, told senators that the U.S. was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on U.S. networks. “They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.”
OpenSSL fixes two high-severity crypto bugs
Open-source cryptography library OpenSSL, which is used on Linux, Windows and macOS, has announced two high-severity vulnerabilities that require immediate patching. One of these bugs can force a crash and DDoS situation by exploiting a TLS feature called renegotiation. The second bug could end up being more damaging than a DDoS attack, because it allows security checks to be circumvented. It is recommended that systems using OpenSSL receive up-to-date patches, and that both TLS 1.2 renegotiation and strict certificate checking be turned off.
FatFace hides ransomware attack, bargains down and gets tech support from pirates
UK fashion retailer FatFace, which made headlines last week by appearing to ask its customers to keep its cyberattack “strictly private and confidential”, has reportedly paid a $2 million ransom. Conti, the gang behind the attack, initially demanded an $8 million ransom based on its assessment of what FatFace’s insurance would cover, but the company talked them down after explaining revenues had tumbled due to the coronavirus lockdown. In accepting the payment, Conti offered advice to FatFace’s IT team about how to harden its defenses against future attacks.
Insurance giant CNA hit by new Phoenix CryptoLocker ransomware
The threat actors deployed the ransomware on CNA’s network on March 21, where it proceeded to encrypt over 15,000 devices, including the computers of employees working remotely who were logged into the company’s VPN at the time of the attack. Analysis by CrowdStrike has shown that the software used, based on a product family called Hades, is simply a rebranded version of the attackers’ previously used WastedLocker ransomware, which makes it likely that this hit is connected to the Evil Corp hacking group.
Cyber-attack disrupts live broadcasts in Australia
Australia’s Channel Nine TV said it was unable to air several shows on Sunday, following a cyberattack. The broadcaster said it was investigating whether the hack was “criminal sabotage or the work of a foreign nation”. This occurred at the same time as another possible attack on Australia’s Parliament in Canberra. It’s not clear if the parliamentary outage and the cyberattack on Channel Nine were connected. Sources believe that China is behind the attacks, since relations between Australia and China have grown increasingly acrimonious amid disputes about trade and the coronavirus.
(BBC News)
New York launches blockchain based Covid passports
New Yorkers will now be able to pull up a code on their cell phone to prove they’ve been vaccinated against COVID-19 or recently tested negative for the virus that causes it. The first-in-the-nation certification, called the Excelsior Pass, will be useful first at large-scale venues like Madison Square Garden, as well as at dozens of event, arts and entertainment venues statewide, and even weddings and catered events. The data will come from the state’s vaccine registry and also will be linked to testing data from a number of pre-approved testing companies. It is built on IBM’s digital health pass platform and is provided via blockchain technology, so neither IBM nor any business will have access to private medical information.