The technical details of how the auto-erase feature was bypassed are fascinating. The actual hacking was reportedly done by two Azimuth employees who gained access to the phone by exploiting a vulnerability in an upstream software module written by Mozilla. That code was reportedly used by Apple in iPhones to enable the use of accessories with the Lightning port. Once the hackers gained initial access, they were able to chain together two more exploits, which gave them full control over the main processor, allowing them to run their own code. After they had this power, they were able to write and test software that guessed every passcode combination, ignoring any other systems that would lock out or erase the phone. The exploit chain, from Lightning port to processor control, was named Condor. As with many exploits, though, it didn’t last long. Mozilla reportedly fixed the Lightning port exploit a month or two later as part of a standard update, which was then adopted by the companies using the code, including Apple.
Category: Fity Feeds
BrandPost: Remediate Insecure Configurations to Improve Cybersecurity
A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge.
Lawmakers press spy leaders on lagging efforts to block foreign hackers
Written by Shannon Vavra
Biden Admin Takes Action to Defend Electric Utilities Against Cyberattacks
April 14, 2021 |
3 minute read
Written By
Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence
Written by Shannon Vavra
Israel May Have Destroyed Iranian Centrifuges Simply by Cutting Power
And while media accounts have suggested saboteurs focused on taking out the facility’s electric supply, David Albright, founder and president of the Institute for Science and International Security in Washington, D.C., believes the aim was to destroy centrifuges. Power is easy to restore even when electrical equipment is damaged, allowing enrichment work to quickly resume. But an abrupt blackout that also takes out backup power would have destroyed some centrifuges, Albright says, since they need to be powered down slowly. Failure to do so leads to vibrations that can cause centrifuge rotors and bellows to become damaged and in some cases disintegrate, which is what Albright suspects occurred.
EDR functionality in a small business solution
Most security solutions for small and medium-size businesses exist simply to prevent malware from running on a workstation or server — and for years, that was enough. As long as an organization could detect cyberthreats on end devices, it could arrest the spread of infection over its network and thus protect the corporate infrastructure.
April 2021 Patch Tuesday – 108 Vulnerabilities, 19 Critical, Adobe
This month’s Microsoft Patch Tuesday addresses 108 vulnerabilities, of which 19 are rated critical severity and 88 are rated high severity. Adobe released patches for its Photoshop, Digital Editions, and Bridge products.
Deepfake video app Avatarify, which process on-phone, plans digital watermark for videos
Making deepfake videos used to be hard. Now all you need is a smartphone. Avatarify, a startup that allows people to make deepfake videos directly on their phone rather than in the cloud, is soaring up the app charts after being used by celebrities such as Victoria Beckham.
All About WhiteSource’s 2021 Open Source Security Vulnerabilities Report
It’s that time of year again: WhiteSource’s annual State of Open Source Security Vulnerabilities for 2021 is here. Once again, when 2020 came to a close, our research team took a deep dive into the WhiteSource database to learn what’s new and what stayed the same in the ever-evolving world of open source security.
Criminals Use Collaboration Platforms to Spread Malware, Research Finds
FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box
A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice Judge has revealed that the FBI were granted permission to perform some tech support backdoor removal. Bizarrely, they did this without letting the admins know beforehand.
Red Hat Security Advisory 2021-1196-01
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Red Hat Security Advisory 2021-1195-01
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Ubuntu Security Notice USN-4905-1
==========================================================================
Ubuntu Security Notice USN-4905-1
April 13, 2021
Ubuntu Security Notice USN-4906-1
==========================================================================
Ubuntu Security Notice USN-4906-1
April 13, 2021
How Continuous Control Automation is Leapfrogging Continuous Control Monitoring
In a world where automation is taking over fast food, driving, package delivery, and practically every other industry, why isn’t it more prevalent in the cybersecurity realm? For a sector inundated with cutting-edge technology in almost every other aspect, somehow risk and compliance management has fallen to the wayside. Employees and chief information security officers (CISO’s) are still spending hours poring in spreadsheets and doing manual control monitoring and in 2021, with digital transformation everywhere in the world, it’s frankly unacceptable.
Gay dating site Manhunt hacked, thousands of accounts stolen
Manhunt, a gay dating app that claims to have 6 million male members, has confirmed it was hit by a data breach in February after a hacker gained access to the company’s accounts database.
Don’t discount the risk of deepfakes to the enterprise
New Microsoft Exchange Patches For SMBs | Avast
Last month, we told you about a series of critical vulnerabilities in Microsoft Exchange that were under attack. We urged small and medium businesses (SMBs) to take immediate action to patch, as well as determine if Exchange systems might have been compromised.