“‘Beware in-app browsers’ is a good rule of thumb for any privacy conscious mobile app user — given the potential for an app to leverage its hold on user attention to snoop on what you’re looking at via browser software it also controls.”
Booby-trapped sites delivered potent new backdoor trojan to macOS users
“Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website.”
MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications
“Malicious hackers are targeting Office 365 users with a spare of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.”
Hotspot connections will be safer in iOS 15 thanks to WPA3 security protocol
“Apple is expected to release iOS 15 and iPadOS 15 later this fall. As developers explore the new operating system, we’re able to discover new things on it. For example, in iOS 15, hotspot connections will feature a stronger WPA3 security protocol.”
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
“Microsoft on Friday said it’s investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China.”
Security News This Week: Hackers Are Erasing Western Digital Hard Drives Remotely
“An array of ATMs and point-of-sale terminals can be hacked with a wave of your phone, according to research released this week about vulnerabilities in near-field communication card readers.”
Update to iOS 14.5.1 Right Now or Your iPhone Is a Sitting Duck for Hackers
“Apple has rushed out fixes to two major vulnerabilities in iOS and iPadOS 14.5, last month’s update that implemented its App Tracking Transparency feature. Both bugs could have allowed malicious parties to remotely execute code, possibly leading to the takeover of an affected device.”
Critical netmask networking bug impacts thousands of applications
“Popular npm library netmask has a critical networking vulnerability. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend on netmask.”
New Android malware spies on you while posing as a System Update
“New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is read to be exfiltrated.”
Apple releases iPhone, iPad, Watch security patch for zero-day bug under active attack
“Apple has released an update for iPhones, iPads and Watches to patch a security vulnerability under active attack by hackers. The security update lands as iOS 14.4.2 and iPadOS 14.4.2, which also covers a patch to older devices as iOS 12.5.2. watchOS also updates to 7.3.3.”
