
Flaw in iOS Mail App May Put Millions at Risk | Avast - Security Boulevard

Posted: 24 Apr 2020 07:11 AM PDT

Security researchers found a vulnerability in iOS software that may have allowed hackers to steal data from almost a billion Apple devices over the past two years. Reuters reported that a California-based security firm discovered the bug while investigating a cyberattack on a client that occurred in late 2019. The attack exploited a flaw whereby a blank email sent to the victim triggers a crash and reset of the iOS Mail app, swinging open a backdoor for hackers in the process. The attackers then gain access to whatever information is kept in the Mail app, such as contact lists, photos, and confidential messages.

The researchers said they found evidence that the flaw was exploited as far back as January 2018, and it still exists even in the most current iOS version, rendering all iPhones and iPads vulnerable. In 2019, Apple claimed there were 900,000 iPhones in active use. The company acknowledged the vulnerability, stating that a fix has been developed and will be issued as a forthcoming update. 

"This is an extremely serious vulnerability that allows any attacker access to a victim's emails just by sending an email, and it has been around for years," commented Avast Security Evangelist Luis Corrons. "The good news is that it seems the flaw has only been exploited by a state-sponsored group, so it hasn't been used to widely attack all iOS users. Nevertheless, now that it is known, groups of bad actors will try to exploit this security hole, so all users need to update as soon as the patch is released."

New phishing scam preys on layoff fear

Amidst an unstable economy in the face of a pandemic, many employees worry about being terminated, and a new phishing campaign has emerged to take advantage of this job insecurity. SC Magazine reported that the newly uncovered scam pretends to be a Zoom invite from the victim's human resources division. When victims click on the provided link, it takes them to a phony Zoom landing page where they're asked to enter their login credentials, the targeted loot of this campaign. Researchers said both the email and the Zoom landing page look legitimate, so users are advised to remain vigilant and not panic into clicking the link.

This week's quote

"Think of it as skipping two generations on a smartphone upgrade."

– Grant McCormick, a cybersecurity researcher commenting on the Zoom encryption update that will take effect on May 30

US healthcare industry targeted by COVID-19 phishing scams

The FBI issued a flash alert this week about a surge in targeted email phishing attempts against U.S.-based medical providers. The malicious emails tease new information about the coronavirus pandemic, with subject lines such as "COVID-19 Update!!" and "Business Contingency alert – COVID 19." The malicious emails urge recipients to open the accompanying attachments for more information, but those attachments contain infected files that spread malware to the victim's system. The bureau offers advice to mitigate risk, suggesting healthcare companies keep their software up to date and be wary of all attachments, even from known senders. 

US small business relief loan applications suffer data breach

Nearly 8,000 applicants to the Economic Injury Disaster Loan (EIDL) program may have been affected by a data breach that allowed applicants to see each other's personal information such as names, Social Security numbers, home and email addresses, birth dates, phone numbers, and insurance information. The U.S. Small Business Administration (SBA), which runs the program, said that it has addressed the issue on the EIDL website and has notified potential victims of the breach. More on this story in The Washington Post.

This week's stat

10,000 people!

That's how many users were tricked by scam websites into purchasing a "Pandemic Survival Guide" with questionable advice. Read the investigation by our Threat Intelligence Team.

UK scam hotline takes down 83 malicious sites in 1 day

Within 24 hours of the National Cyber Security Centre (NCSC) in the UK urging the public to use a new hotline to report suspicious emails and phishing scams, over 5,000 reports were called in, leading to the takedown of 83 cybercriminal campaigns. ZDNet reported that while the hotline was created to mitigate the surge in coronavirus-related scams that target people working from home, it's a public service the general population of the UK can use to report any type of cyber scam. 

Over 300M Facebook profiles for sale on dark web

At a price of only £500 (about $623), bad actors are selling over 300 million Facebook profiles in underground forums. The profiles do not include any passwords, but they contain other data like full names, phone numbers, email addresses, birth dates, and unique Facebook IDs, which could arm an attacker with enough information to launch targeted spear phishing campaigns, pretending to be Facebook and attempting to trick victims into divulging their passwords. Learn more at Bleeping Computer.

This week's 'must-read' on The Avast Blog

Worried about what government virus contact tracing apps will mean for privacy and security? Learn more about them on the Avast Blog.


*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/flaw-in-ios-mail-app-may-put-millions-at-risk
