Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Microsoft on Monday said that the Azure cloud platform mitigated 2.4 TB distributed denial of a service DDOS attack. The attack targeted an unnamed customer of Azure from Europe. It experienced three short visit bursts, which ramped up every second to terabit volume. The first one ranged from 2.7 Tbps, the second one at 0.55 Tbps and the third one being 1.7 Tbps.
White hat hackers at China’s Tianfu cup hacking contest hacked iPhone 13 which was running on the latest fully patched iOS 15, by a zero-click remote code execution exploit
Microsoft has released fixes for 74 vulnerabilities for October 2021. Among 66, 3 are classified as critical 70 as important and 1 as low. Out of the 74 vulnerabilities, 61% of the vulnerabilities are locally exploitable and 31% are remotely exploitable. 50 vulnerabilities among these 74 require authentication for exploitation and the other 21 does not require any authentication
Well-known medical device maker Medtronic has recalled remote controllers used in some of its pumps, as its flaws can cause injury or even death. The vulnerability allows hackers to modify the amount of insulin that should be used by the patients
The security researchers at Cloudmark and Proofpoint reported the new Smishing campaign involving TangleBot. The malware when installed gains access to different permissions. It steals users’ data and monitors every user activity. TangleBot is currently targeting the US and Canada disguised as COVID-19 information
Google has released four high severity flaws affecting Google Chrome versions for Windows, Mac, and Linux. The vulnerabilities include one arbitrary code execution, two heap buffer overflow vulnerability and the fourth one is an inappropriate implementation in Sandbox
Google has announced that it is going to auto-enrol 150 million users in its two-step verification process by default. This process is expected to be done by the end of this year. This will increase security as well as reduce unauthorised access to accounts
Bloody stealer is a malware that is used in stealing accounts from accounts of successful gaming platforms. The malware has a trick to avoid detection and it’s available for 10 dollars on the dark web and you could get an unlimited subscription for just 40 dollars. This malware steals cookies, passwords, and Bank card details
Hackers have discovered a new way to hack Apple pay and contactless limit to make large visa payments. This is an active Man-in-the-middle-attack known as the Apple pay transport attack. For this, a hacker would require an iPhone with a Visa card set up as a transport card, and a close concurrence with the phone. The payment can be done by holding the phone near to emulator device
Pen Tester and Security Researcher Bobby Raunch and Cybersecurity blogger Brian Kerbs say that Air Tags can be used in credential hacking and data theft vectors. The attack exploits the way how a lost mode is set up. This allows a hacker to inject arbitrary code execution and redirect the finder’s browser to a fake website
Google Thursday pushed an urgent security fix for the Chrome browsers, which fixed two vulnerabilities that are being actively exploited in the wild. This makes it the fourth and fifth zero-day patch released by Google for this month alone
Zacco Digital Trust is pleased to announce the launch of VPhish Pro, our advanced phishing simulation platform.
The vulnerability was first discovered by Fingerprints. The unpatched vulnerability in Apple’s iCloud private relay service could leak user’s real IP address. This is a feature that was rolled out in the beta version of iOS 15, which allows anonymity on the web by shielding the users IP addresses
A post was made by a user on a popular hacker forum saying that he is selling the entire database for $100,000. The publisher of the post also says that the data can be split into smaller portions for potential buyers. The database includes names, phone numbers, Clubhouse ranks, and Facebook profile links.
GSS is the Spain and Latin American division of Europe’s customer service and call centre providing giant Covisian. This attack has crippled its systems and has affected the call centre serving Spanish speaking customers. Vodafone Spain, Madrid’s water supply company and television stations are some of the companies that has been impacted by this attack
Microsoft’s Autodiscover protocol had an unpatched design flaw, which has led to a leak of over 100,000 login names and passwords of Windows domains. Capable attackers can gain domain credentials in plan tests and can even perform large scale DSN poisoning campaigns
