Plus, zero-click spyware attack and the digital guide to breaking up
Apple’s Tim Cook, Microsoft’s Satya Nadella, and Amazon’s Andy Jassy are among a group of tech CEOs who were called to a White House meeting Wednesday by President Joe Biden. The point of the gathering was to discuss efforts by private companies to improve cybersecurity following a year of increased ransomware and other cyberattacks, according to Bloomberg. The list of invitees also included tech, energy, water, and banking companies.
“Cybersecurity should be a top priority, and the president knows it,” commented Avast Security Evangelist Luis Corrons. “His administration’s already started talking with Russia's government, and now he’s meeting with some of the main American companies. Neither Biden nor Microsoft, Google, IBM or Apple CEOs are security experts, but they do have the power to set in motion their companies’ resources to work towards improving cybersecurity.” A senior official familiar with the event told Bloomberg the meeting will most likely address the need for better supply chain security, coming just a month after the massive SolarWinds supply chain attack. For more, see Ars Technica.
Echoing a wave of cyberattacks earlier this year, a surge in attacks on Microsoft Exchange servers has been detected, and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an urgent bulletin to remind organizations to patch their systems against these attacks. In March, hundreds of thousands of Microsoft Exchange servers, hosting both business and personal accounts, were targeted by Chinese nation-state group Hafnium. The attacks this round differ from the Hafnium attacks in that they target a different vulnerability – Microsoft’s ProxyShell. All businesses, including SMBs, are advised to protect their systems. For more, see CyberScoop.
A DDoS botnet gang has infected hundreds of thousands of IoT devices, including network gateways, routers, and repeaters, manufactured by at least 65 different vendors. The vulnerability is in the software development kit (SDK) that ships with Realtek chipsets, which are basic system-on-chip (SoC) boards around which device-makers can build their firmware. Over 200 device models are vulnerable, with the most common being the Netis E1+ extender, the Edimax N150 and N300 Wi-Fi routers, and the Repotec RP-WR5444 router. For more on this story, see The Record.
In an effort to ease the heartache of an ended relationship, Consumer Reports has published A Digital Guide to Breaking Up. Subtitled “How to Reclaim Your Online Accounts After a Relationship Ends,” the guide offers advice on how to keep your social media feed free of painful memories and how to sever any shared accounts cleanly and quietly. The first task is to make a thorough list of shared accounts, as long-term relationships may have led to more shared accounts than one might immediately remember. Other helpful tips cover how to change your password for services such as Amazon Prime Video, Apple TV, and HBO Max. If the relationship was abusive, Avast has seven tips to help ensure you are not being tracked by your ex.
Internet watchdog group Citizen Lab, based at the University of Toronto, reported that it identified nine Bahraini activists whose iPhones were hacked with Pegasus spyware between June 2020 and February 2021, some using zero-click iMessage exploits. Citizen Lab feels confident the Bahrain government is behind at least some of the attacks. The targeted journalists include members of the center-left political group Waad, the political opposition group Al Wefaq, and the Bahrain Center for Human Rights. The zero-click attack requires no action on the part of the victim, and completely circumvents Apple’s BlastDoor security. Citizen Lab has dubbed the attack FORCEDENTRY.
After receiving a call purportedly from the CDC, Avast Senior Writer Emma McGowan discussed with Avast Threat Labs how one can spot signs that they've been on the receiving end of a phone scam. Read up for tips on how to handle these cases securely.