Hackerzhome

hackerzhome-logo-bg

Flaws in apple let apps overhear your conversation – Top 10 Cybersecurity news 27/10/22

Flaws in apple - Cyber security news

Introduction:

The world has gone digital, and it is becoming even more vulnerable. Cybersecurity news is important to stay current in the industry, especially when it comes to protecting your business. To help you get educated on the latest news and updates, we’ve rounded up our favorite cybersecurity news stories from across the web. Whether you’re planning to invest in cybersecurity, or just want to be able to spot potential threats on your own computers and networks, this list will give you a great start. So, Today’s cybersecurity news includes information about an upcoming update to fix SSL vulnerability, Twitter accounts hack, Flaws in apple, etc.

Top 10 Cybersecurity news:

1. Kimsuky hackers targeting south Korea using 3 android malware.

  • North Korean threat actors named Kimsuky were spotted targeting south Korean Using 3 New android malware.
  • And they named this 3 malware as FastViewer, FastFire, and, FastSpy. FastViewer malware was disguised as Hanscom Officer Viewer, FasFire malware was disguised as a Security plugin, and Fastspy as a Remote access tool.
  • Once these 3 malware are launched into victims’ phones, the attacker gains full control of the phone.

2. Cybercriminals are targeting vulnerable Kubernetes and docker.

  • The researcher found out that cybercriminals use an unclear domain from the payload, container escape attempt, and anonymized dog mining pools to target Kubernetes and docker.
  • They also discovered multiple campaigns targeting Docker from the same c2c and undergoing the same method.  
  • A compromised docker was used to trigger the initial payload. Nearly 13,000 Docker instances and 68,000 Kubernetes instances were exposed.

 3. An upcoming update to fix open SSL vulnerability.

  • The open SSL announced that they are going to release a new update that would patch up the vulnerability found in open-source.
  • This new updated version will be released on November 1st, 2022.   This was the second vulnerability found in SSL.  And would rate it as a critical vulnerability.

4. New York post-Twitter accounts were hacked.

  • New York Post newspaper publisher’s Twitter accounts were hacked and tweeted targeting politicians.  
  • The offensive political headlines were about NYC Mayor Eric Adams, NY Governor, Alexandria Ocasio-Cortez, Joe Biden, and his son.
  • Still, They haven’t found out How the hackers hacked this.

5. Flaws in apple iOS AND macOS could let apps overhear your conversation.

  • Recent updates to macOS and iOS patched a bug that could allow apps to eavesdrop on Siri conversations.  This can be done when connecting an AirPods or Beats headset.
  • It could be done without microphone access. One of the developers found this bug and reported it to apple on august 26.
  • After further investigation, on October 24, Apple released an updated version to patch up these flaws in apple.

6. Vice society hackers are targeting educational sectors.

  • Vice society hackers have been linked with several ransomware attacks against the educational sector.
  • Threat actors tracking this under the moniker Dev-0832.This is a Zepline variant that includes their file extensions such as v-society, v-s0ciety and. locked.
  • The latest attack took place in July and October 2022.

7. Two-year-old flaws in the Cisco AnyConnect were targeted by hackers.

  • Cisco has warned about two-year-old vulnerabilities in cisco AnyConnect secure mobility clients for windows.
  • These two were tracked as CVE-20223153 with a CVSs score of 6.5 and CVE-2022-3433 with a CVSs score of 7.8.
  •  This vulnerability allows local attackers to perform DLL Hijacking and copy arbitrary files. Cisco requested the customer to update its newer version to fix this vulnerability.

8. British hacker alleged of running a dark web market.

  • British hacker BestBuy was alleged for running The Real Deal, a dark web market which is no longer now existed.
  • Threat actor Daniel Kaye, 34 years old allegedly ran the service in between 2015 and November 2016.
  • Threat actors use this platform to sell hacking tools, login credentials, drugs, weapons, and government data got from U.S government agencies.

9. Emotet Botnet launches a one-click attack technique.

  • Emotet botnet distributors of malicious packages deliver 96% of the packages using a trick. It uses a one-click attack technique that forces self-unlocking RAR files.
  • In this new trick the attackers are using invoice themes phishing lures with password-protected files.

10. See tickets data breach remains unknown for 2.5 years.

  • See tickets, an international ticketing company, reported a major data breach that exposed the credit card details of the customers.
  • Threat actors accessed their card details via snippets of JavaScript code in the checkout pages.
  • The researchers concluded that threat actors may get access to data of the customers between June 25, 2019, to January 8, 2022.

Conclusion:

Cybersecurity is an issue that’s never going away, and it’s vitally important for us to all be aware of what’s happening every day. The Flaws in apple News we’ve covered in this article will get you up to speed on some of the big issues today; a few are especially worth noting because they’re likely to continue being important for quite some time. Stay tuned for more cybersecurity news, on our next Cybersecurity Update! Subscribe to our newsletter to get notified regularly. Thank you!

Share this post
WhatsApp
Telegram
Facebook
Twitter
LinkedIn
Cyberghost

Cyberghost

A Computer science Engineer, Certified Ethical hacker (CEH), Offensive Security Certified professional (OSCP), SOC Analyst & Content Creator.

Leave a Reply

Your email address will not be published. Required fields are marked *

Join Our Community

Table of Contents

weekly trending

SUBSCRIBE VIA EMAIL

Related Articles