The Week In Review 08/03 – 12/03
As a company, Apple have increasingly sought to perpetuate user privacy, decreasing the access of advertisers and marketers to user data and gradually giving back control to the consumer. However, the global brand featured heavily in the echelons of cyber security news this week for precisely the wrong reasons. Apple were forced to release an urgent patch on Monday across all operating systems and Safari to fix a vulnerability that could be exploited by malicious web pages and enable malware to run on users devices. Through this vulnerability, landing on a malicious page could be enough to infect your device and hand over control to a malicious actor. The arbitrary code execution flaw was found by Google’s Threat Analysis Group and Microsoft Browser Vulnerability Research. In addition to this, a top rated app on the iOS app store was found to have a flaw that provided access to recorded user conversations by simply providing the correct phone number. Automatic Call Recorder is an app that allows users to record their personal phone conversations on iPhone. One researcher found that by passing the apps network traffic through a web proxy tool such as Burp or Zap, an attacker could simply insert the phone number of any app user to return not only the recorded conversations but their entire call history. The researcher, working with Tech Crunch, said the Amazon Bucket in question had roughly 130,000 recordings equating to 300GB of data accessible to attackers. The flaw has since been fixed.
Fittingly in the theme of exploitable applications and unsecure browsers, a fake ad blocker has hit 20,000 users in less than 2 months since being launched. Previously disguised as antivirus software, hitting 2,500 devices daily, the malware ransoms the user’s data and also uses the device for mining the anonymous cryptocurrency Monero. Users are able to remove this malware by installing the application it is masquerading as. AdShield is the legitimate product with the malware being marketed as AdShield Pro. Conveniently, the Australian Government published a 14 page document detailing how users can effectively counter ransomware. With the unprecedented rise of the form of malware throughout 2020, compounded by opportunities presented by the pandemic, public and private organisations alike have been plagued by ransomware attacks. The paper covers a concept called ‘Cyber Hygiene’ which is beginning to be more widely promoted for all users of IT.
After a turbulent year of prominent cyber attacks and breaches, the cyber security space is gaining mainstream publicity along with an increasing demand globally. This week saw two companies in the space close successful funding rounds, with one providing Synk, a dev platform security company a $4.7bn valuation. This quadruples its value since the start of 2020, demonstrating how cyber security is no longer a nice to have, but a must have requirement for all businesses. The rapid growth and expansion of firms such as Aqua Security, who recently closed their Series E funding round, over doubling all previous funding is a trend that we anticipate is just getting started.
As ransomware attacks run rampant do not let your business fall victim, assess to what extent your business employs best practice of Cyber Hygiene and how a ransomware attack would impact you with Dionach’s Ransomware Readiness Review.
Read about all of this and more below:
Synk valued at $4.7bn
(yahoo.com)
Australian Government combat ransomware with Cyber Hygiene document
(zdnet.com)
Phone recorder app gives access to iPhone conversations
(bleepingcomputer.com)
Fake Ad Blocker delivers hybrid malware crypto miner
(threatpost.com)
Cloud Security firm Aqua Security raises $135m in Series E
(crn.com)
Apple emits patches for all OS and Safari
(theregister.com)
Github informs users of potentially serious bug
(securityweek.com)