Security News

Patch your Macs against this attack

Avast Security News Team, 30 April 2021

Plus, U.S. Congress introduces “The Fourth Amendment Is Not For Sale Act”

Mac users are urged to update their systems to Big Sur 11.3 as soon as possible in order to patch a vulnerability that allows a malware known as Shlayer to bypass all of Apple’s security measures, including Gatekeeper and File Quarantine. The problem stems from a logic error in Apple’s operating system that misclassifies Shlayer as a safe file. In truth, Shlayer is malicious and it burrows deep into the user’s system, from where it launches an adware scam.

These malware attacks have been active since January, but Apple’s newest update patches the vulnerability. “Macs have gained popularity the last few years. Although malware still prefers Windows due to its huge market share, Mac is also an attractive target,” said Avast Security Evangelist Luis Corrons. “Users should have their OS and applications updated, as well as having a security solution running, to protect them against malware and the rest of the online threats that don't care about what device we are using.” Read more on Forbes

Emotet victims added to Have I Been Pwned?

Per the FBI’s request, the Have I Been Pwned? (HIBP) website has now imported the email addresses of all 4,324,770 victims of Emotet, called “the world’s most dangerous malware” by Europol. HIBP founder Troy Hunt posted on his blog that the FBI approached him about using HIBP as a “viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet.” All impacted HIBP subscribers have been notified. Others can check if their email was involved in any data breach on the HIBP website.  

Introducing “The Fourth Amendment Is Not for Sale Act”

A bill is making its way through U.S. Congress that aims to block two increasingly common law enforcement surveillance tactics – purchasing personal data from Clearview AI and sourcing location data from third party trackers. Both practices violate terms-of-service agreements. The data provided by Clearview AI is comprised of photos and personal information scraped from social media sites. The bill has bipartisan support, as well as endorsements by the American Civil Liberties Union, the Electronic Frontier Foundation, Freedom of the Press Foundation, Mozilla, and many other civil rights and technology groups. For more, see the story in Vice.

Covid ushers in new era of cybercrime

This week marked the release of a 2021 COVID Crime Index, a report that looks at the cybercrime trends that have emerged since the pandemic began. “Covid-19 has ushered in a new era of cybercrime and online fraud for financial institutions,” the report states. Overall, financial institutions detected a 29% rise in cybercrime attacks over the past year, and those attacks were launched at the same time that 51% of the institutions had to shift security strategies to accommodate work-from-home employees. Additionally, IT security, cybercrime, fraud, and risk funding have been cut 26% over the past 12 months. The report suggests that the solution to this new era of crime comes down to 3 key pillars within a company – people, process, and technology. Read more on ZDNet.

PlayStation Network down for over an hour

All PlayStation Network services went down for over an hour this past Tuesday. The total outage affected every category on the PSN status page – account management, gaming and social, PlayStation Now, PlayStation Video, PlayStation Store, and PlayStation Direct. Staffers at The Verge confirmed that during the down time they were unable to download items from the store, play multiplayer games, check leaderboards, nor load the PlayStation app on their phones. The outage appears to have been global. All services have since been restored.

This week’s ‘must-read’ on The Avast Blog

The majority of today’s smartphones are equipped with NFC technology. Curious about how NFC works? Here's what privacy-savvy consumers should know about NFC notifications and RFID tags.