Tag Archive for: issue

Security is fast becoming the industry’s biggest issue


There’s panic playing out regarding phone scamming and text fraud in the UK. It’s not hard to see why – just look at the statistics from Ofcom on reported scam attempts (below). They imply that we’re all at the sharp end, with the entire population either on the phone getting harassed, or on the phone making the scam calls.

That’s only a slight exaggeration. I’m speaking as one who (like many others) seemed at one stage to be getting multiple calls a week enquiring after my health following my ‘recent car accident’. My colleague Martyn Warwick took decisive action, stationing an ear-splitting whistle near the phone and attempting to deafen any telephonic miscreant that dared to have a go.

We’re scammin’, scammin’; Scammin’ till the break of dawn (apologies to Bob Marley)

According to Ofcom, text scams are the most common, with three quarters of 16-34-year-olds targeted. It says almost 45 million people have been on the receiving end of potential scam texts or calls in the last three months, with more than 80% saying they had received a suspicious message, in the form of either a text, recorded message or live phone call to a landline or mobile. So that’s 44.6 million slightly annoyed right up to fully traumatised adults in the UK in the wake of the scamming epidemic.

The overall effect, quite apart from the distress caused and sometimes financial loss suffered, is a growing collective disenchantment with what used to be called the ‘communications revolution’. Anecdotally we hear of people ditching their phones and curtailing their online life, convinced that very little is being done to banish the scammers.  

What about the big boys?

Of more immediate concern to the telecoms industry, though, are the activities of the well-organised crime syndicates, sometimes allegedly operating at the behest of foreign governments (you know who you are), orchestrating major hacks and ransomware attacks on not just public and private computer systems but also intelligent telecoms infrastructure. Just last week BT announced that it was springing into action, because, it said, cyber attacks were proliferating at an unprecedented rate and it had calculated that…


US and UK Issue Joint Alert on Russian Cyber Activity


Critical Infrastructure Security, Cybercrime, Cyberwarfare / Nation-State Attacks

SVR’s TTPs and General Tradecraft Detailed

U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks.


The U.K.’s National Cyber Security Center, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency say the SVR, through its threat group APT29, will continue to attack, so organizations need to understand the threat facing them.

“APT29 will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies,” CISA says in its own alert.


CISA attributed the SolarWinds supply chain attack that resulted in follow-on attacks on nine government departments and 100 private companies to APT29, also known as The Dukes, Cozy Bear and Yttrium. The agency notes that the SVR’s cyber operations have posed a…


Apple Mac Security Flaws Let Hackers Control Your Computer: How to Download Big Sur 11.3.1 Update and Fix the Issue


Apple Mac users need to update their devices again. The tech giant has had serious security issues in the last few weeks, and updates are coming in for the new macOS 11.3 problems.

Fortunately, Apple has a new patch for the security flaws and has provided details on it and how to download the fix.

Apple’s security features have given it a respectable reputation for years. iOS uses encryption codes in many of its system functions to ensure user privacy and security. Unfortunately, in the last few weeks, Apple updates have created new security vulnerabilities instead of fixing the old ones.

The company is aware of the reports of these security issues. On Monday, it released security updates for iOS 14.5 and iPadOS 14.5 to fix some of the existing bugs in the mobile platform. Now, the company has released the patch for macOS devices, called macOS Big Sur 11.3.1.

Apple macOS 11.3 Security Issues

There are many security vulnerabilities found in macOS 11.3. Generally, these are flaws in the system that let hackers access your computer remotely and run malicious commands. Apple Support identified some of these attacks as coming through WebKit and corrupting memory on the Mac.

A secondary attack exploited the lack of security features to create web content that sneaks in viruses through code execution. The bugs identified are CVE-2021-30665 and CVE-2021-30663.

How to Download Big Sur 11.3.1 Update

The new patch, macOS Big Sur 11.3.1, will fix both arbitrary code execution issues. If you own a Mac running 11.3, it is recommended that you download these fixes immediately.

Mashable reported that users can download and install the update by going to “About This Mac” and selecting “Software Update.” Users can also reach it by going through “System Preferences” and selecting “Software Update” instead. When redirected to a window saying, “An update is available for your Mac – macOS Big Sur 11.3.1,” select “Update Now.”

The notification that comes up will not summarize “What’s New” in the macOS Big Sur…


Apple rolls out fix for WebKit security issue


Apple has released a security patch for iPhones, iPads and Apple Watches to fix an issue under active attack by hackers.

The security patch is available with the iOS 14.4.2 and iPadOS 14.4.2 updates, which cover older devices, as well as with the watchOS 7.3.3 update for Apple Watches.

The vulnerability has been found in Apple’s WebKit, the browser engine that is used in the Safari browser across all Apple devices.

Describing the impact of the vulnerability, Apple wrote on its support page, “Processing maliciously crafted web content may lead to universal cross-site scripting.”

“Apple is aware of a report that this issue may have been actively exploited,” it said.

The issue was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group. It was addressed by “improved management of object lifetimes.”

The fix for the vulnerability CVE-2021-1879 is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The watchOS update is available for Apple Watch Series 3 and later.

Apple has not specified if and how any users were impacted by the issue or if the attack was a wider attack or targeted against a small number of users.

The tech giant released a fix for similar issues with WebKit earlier this month (via TechCrunch).

It had released patches for a “memory corruption issue” with the browser engine.

The vulnerabilities were reported by Google and Microsoft researchers.
