23 August 2019

IRM Weekly Cybersecurity Roundup: Apple security flaw and more


iOS 12.4 update re-introduces critical Apple security flaw

The latest iOS update (12.4) has opened the doors to a critical Apple security flaw dubbed “SockPuppet”. The bug was found in the 12.3 update and successfully corrected, but has now been reintroduced after something went wrong during the software quality validation process.


Users are being warned to be cautious over the next couple of days as the vulnerability could allow hackers to gain control over the devices and install ransomware, malware and spyware.

A security researcher has already exploited the Apple security flaw, showing on GitHub how to jailbreak an iPhone running iOS 12.4.

The warnings to users include being careful about installing apps from the App Store and not attempting to jailbreak personal phones, as it can leave them open to threats. You can read more here.

Ransomware hits 22 towns in Texas

22 towns in Texas were hit by a ransomware attack last Friday in what they are calling a “new front” in cyber assault. One of the towns’ mayors said that the cybercriminals were asking for $2.5 million to unlock the files.

The attackers deployed the ransomware through software from the Managed Service Provider (MSP) used by the administration for technical support. The Texas Department of Information Resources says there is evidence pointing to “one single threat actor”.

Over 25% of the municipalities have now gone into the remediation and recovery stage whilst some have already resumed normal activity. Only two towns made their attack public – City of Borger and Keene. They said the attack impacted financial operations, and that utilities and other payments are offline.

Hackers have been targeting MSPs more frequently recently because a successful attack on an MSP can lead to multiple clients. You can read more here.

NordVPN and Office software websites hit by a Trojan

Cybercriminals have set up an imposter website of the virtual private network NordVPN to infect visitors with a banking Trojan called “Bolij.2”. The fake site was launched on August 8th and has already been clicked on by thousands of visitors this month.

The imposter website copies the exact colour schemes and overall design of the true site, and includes a valid SSL certificate.

The website entices visitors to download a program that comes packaged with Bolij.2. This malware allows hackers to gain access and carry out web injections, keylogging and traffic interception, and to steal information from different bank-client systems.

This isn’t the first attack where Bolij.2 has been delivered – in June this year, websites of Invoice 360 Enterprise and Crystal Office were duplicated to steal information. You can read more here.

Getting an Apple card? Keep it away from leather and denim

The brand new Apple card was released this month. Made out of titanium, the all-white card design seems to have an aversion to certain fabrics like leather and denim. This means you can’t keep it in your leather wallet or denim trousers or you’ll risk permanent coloration damage that can’t be washed off.

It’s also recommended not to keep the card with your other cards in case of scratches, and not to place it near a magnetic latch on a bag as it could demagnetise the magnetic strip.

Apple have even created a guide for customers on how to safely store and carry their card, along with how to clean it. You can read more here.

Quick-fire updates:

Players of Fortnite warned of new cheating hack: A warning has been issued to the 250 million players of Fortnite that a cheat that promises players they can win is actually ransomware disguised as an aimbot. You can read more here.

Biometric Security Company Suprema plays down data leak: Last week, Suprema’s Biostar 2 software had a breach where 1 million fingerprints were supposedly exposed. Suprema reports a smaller figure whilst researchers stand by their results. You can read more here.

YouTube removed robot battle videos, mistaking them for animal cruelty: Owners of YouTube videos involving small battling robots received an email from YouTube accusing them of animal cruelty and removing the videos. Some users have even been given strikes with video download bans. You can read more here.
