Week in review: Apple fixes exploited zero-days, 1,900 Signal users exposed, Amazon Ring app vuln

OPIS

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Tackling the dangers of internal communications: What can companies do?
In this interview for Help Net Security, Devin Redmond, CEO at Theta Lake, talks about the risk of internal communications and what companies can do to keep themselves safe.

How government CISOs tackle digital transformation initiatives
In this interview for Help Net Security, Dan Tucker, Senior VP at Booz Allen, and leader of the firm’s cloud and data engineering solutions for citizen services, talks about government digital transformation efforts, security challenges, and offers tips for CISOs.

Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)
Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild.

1,900 Signal users exposed following Twilio breach
The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal.

DigitalOcean customers affected by Mailchimp “security incident”
A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on Monday.

Microsoft makes tamper protection for macOS endpoints widely available
The tamper protection feature in Microsoft Defender for Endpoint for macOS is getting rolled out to all customers, the company has announced on Monday.

Vulnerability in Amazon Ring app allowed access to private camera recordings
A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including geolocation, address, and recordings.

Why it’s past time we operationalized cybersecurity
Enterprises are investing more in cybersecurity than ever before, but we’re also seeing a record number of breaches. More than 5.1 billion pieces of personal information were reported stolen last year, and the average cost of a breach has climbed to $4.35 million.

Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022
Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.

Overcoming the roadblocks to passwordless authentication
It’s a well-known fact that humans are the weakest link in any security strategy. Verizon’s latest annual data breach report found that over 80% of breaches in the “Basic Web Application Attacks” incident pattern were due to stolen credentials.

Ransomware is back, healthcare sector most targeted
In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID-19 pandemic.

Incident response in the cloud can be simple if you are prepared
If your business has moved toward off-premises computing, there’s a bonus to the flexibility and scalability services that AWS and Microsoft 365 can provide. Incident response (IR) in the cloud is far simpler than on-premises incident response.

APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques
Group-IB has released new research on the state-sponsored hacker group APT41. The Group-IB Threat Intelligence team estimates that in 2021 the threat actors gained access to at least 13 organizations worldwide.

IoT: The huge cybersecurity blind spot that’s costing millions
As IoT adoption becomes more widespread, 93% of enterprises are finding it necessary to up their security spend for IoT and unmanaged devices as a result.

Response-based attacks make up 41% of all email-based scams
Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year.

How to manage the intersection of Java, security and DevOps at a low complexity cost
In this Help Net Security video, Erik Costlow, Senior Director of Product Management at Azul, talks about Java centric vulnerabilities and the headache they have become for developers everywhere.

What is challenging successful DevSecOps adoption?
Mezmo published an ESG report which provides insights on DevSecOps adoption, its benefits, and the challenges with implementation.

How aware are organizations of the importance of endpoint management security?
49% of respondents to a recent Twitter poll carried out by Osirium Technologies describe endpoint management security within their organization as non-existent. 11% admit that it’s their lowest priority.

Matter protocol: Secure, reliable interoperability for smart home devices
In this Help Net Security video, Mike Nelson, VP of IoT Security at DigiCert, talks about the Matter protocol. Led by the Connectivity Standards Alliance (CSA), is the combined effort to ensure that all devices, apps, and platforms work seamlessly together.

Why organizations should control Active Directory permissions
In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting Active Directory permissions.

How attackers are exploiting corporate IoT
In this Help Net Security video, Brian Contos, CSO at Phosphorus Cybersecurity, discusses how most companies consider IoT threats to be limited in scope.

Why smart factories need to prioritize cybersecurity
In this Help Net Security video, Aarthi Krishna, Global Head of Intelligent Industry Security at Capgemini, provides an overview of the cybersecurity issues smart factories have to deal with, and offers steps to help organizations better prepare, prevent and mitigate a variety of attacks.

OpenFHE: Open-Source Fully Homomorphic Encryption
In this Help Net Security video, Prof. Kurt Rohloff, CTO at Duality, talks about Open-Source Fully Homomorphic Encryption (OpenFHE).

How merchants can defend themselves against Magecart attacks
In this Help Net Security video, Angel Grant, VP of Security, F5, explains what Magecart attacks are and how they have evolved over the years.

New infosec products of the week: August 19, 2022
Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, Raytheon Technologies, Tenacity, and Transmit Security.




Share this