Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
The Malware dubbed as NoReboot has been discovered by the mobile security firm ZecOps. The Malware fakes an iPhone shutdown by disabling all the Audio-visual cues of a powered-on device. This allows hackers to remotely manipulate devices without getting caught.
France’s data protection watchdog, “Commission Nationale de l’informatique et des libertés (CNIL)” has levied Facebook and Google with a fine of €150 million and €60 million for violating E.U Privacy rules, which is failing to provide customers with an easy option to reject cookie tracking technology.
Google has released its first set of patches for its Chrome browser for 2022. This patch was issued to fix 37 security issues, one among these is a critical issue that lets hackers pass arbitrary code and gain control over the victim’s system. Among the 37 flaws, 24 of them were identified by external researchers.
Security researchers from Tenable have discovered multiple high-risk vulnerabilities, affecting Netgear Nighthawk R6700v3 routers. If the hackers could trigger the vulnerabilities, they can take full control of the affected devices
One of the world-famous hacking groups, the Powerful Greek Army, has hacked the Twitter account of Parimal Kopardekar, the director of NASA. The PGA spokesman said they are hacking for fun, and the attack was not politically motivated. PGA wanted to demonstrate that nobody is safe online.
An urgent update has been released by Apache Software Foundation for the Apache HTTP server flaw. This flaw could let hackers take control of the infected system and execute arbitrary code remotely. The CISA and US Government’s Security Response Agency, have requested open-source community users to immediately update to the latest version.
Security experts from Cyble claim that threat actors are targeting Itaú Unibanco, which is one of the largest financial providers in Brazil and has around 55 million customers globally. The hackers are fooling the customers by deploying a fake Google Play store page and a fake banking app of Itaú Unibanco.
The vulnerabilities were discovered by a Berlin-based cybersecurity firm Positive Security. It was found out that the vulnerability could allow access to internal Microsoft services, spoofing the link preview, and android users leaking their IP addresses and DoSing their team’s app and channels
Researchers from reasons labs spotted a Russian torrent site spreading Monero Cryptominer disguised as Spider-Man No Way Home movie. The malware does not have data-stealing capabilities but uses systems resources to mine cryptocurrency causing a drop in system performance
Fisher-Price is a Bluetooth headset with the appearance of a kid’s toy but designed for adults. Security researchers from PenTest Partners have discovered a serious flaw that allows hackers to spy on users
A new phishing campaign is taking advantage of the vulnerability that is affecting the MSHTML flaw. It is linked with CVE-2021-40444 which is related to the Remote Code Execution flaw.
Google rolled out fixes for a new Zero-day exploit detected in the wild. A total of Five fixes have been addressed in this update. It is the 17th Zero-day that has been addressed by Google this year
The latest iOS update fixes issues such as the Jailbreak exploit chain as well as a critical issue in the kernel and safari web browser. The vulnerability is tracked as CVE-2021-30955. Apart from this, a total of five kernel and four IOMobileFrameBuffer vulnerabilities have been fixed
A privilege escalation bug in the ImControllerService has affected Lenovo laptops which include the Think Pad and Yoga series. These bugs will allow attackers to execute commands with admin privileges. The vulnerability is tracked as CVE-2021-3922 and CVE-2021-3969
Microsoft released patches for 67 vulnerabilities during the month of December 2021. Out of these 67 vulnerabilities, 7 are classified as critical and 60 as important. It is found that locally exploitable vulnerability is more than the remotely exploitable ones
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process
