Security news weekly round-up - 15th October 2021
Habdul Hazeez
Posted on October 15, 2021
Introduction
It's yet another day, another Friday, you know what that means? It means it's time for a review of some top security news over the past week that it's worth your time.
This week's review is "multi" in nature in the sense that we have news about privacy, security, cyber-attack_, and vulnerabilities.
Let's go!
Microsoft thwarts record‑breaking DDoS attack
DDoS is short for Distributed Denial of Service attacks and its main objective is to overwhelm a target infrastructure with more than it can handle on a typical day.
In this article, Amer Owaida of welivesecurity details how Microsoft thwarted a DDoS attack against an Azure customer.
Excerpt from the article:
The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps
Apple quietly patches yet another iPhone 0-day – check you have 15.0.2
Please, find a way to update your iPhone device.
Excerpt from the article:
Remember that zero-day vulnerabilities refer to bugs that cybercriminals know how to exploit before a patch is available, with the result that even a well-informed user or sysadmin would have had zero days to get officially ahead of the Bad Guys
Study reveals Android phones constantly snoop on their users
It depends on how you view this story, it might not be "news" after all.
Excerpt from the article:
It is important to note that this concerns the collection of data for which there’s no option to opt-out, so Android users are powerless against this type of telemetry.
This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they’re not used by the device owner, and which cannot be uninstalled
Adobe Patches Critical Code Execution Vulnerabilities in Several Products
Humans are not perfect, we always make mistakes, even when writing code.
Excerpt from the article:
None of these vulnerabilities appears to have been exploited in attacks, and since they all have priority ratings of 2 or 3, Adobe believes they are unlikely to be leveraged by malicious actors in their operations
Don’t get phished! How to be the one that got away
Anyone can get phished, even the smartest among the nerds.
Excerpt from the article:
However, some phishing emails that land in inboxes are so well crafted and look and feel just like the real deal, making it much tougher to identify them as fakes. This challenge will only get harder as cybercriminals perfect their art
WhatsApp rolls out iOS, Android end-to-end encrypted chat backups
It's been a long time coming, and finally, it's here. In case you didn't know, if you've ever backed up your WhatsApp chat in the "cloud", it's not encrypted, therefore, it defeats the purpose of WhatsApp End-to-End encryption.
This news is a game-changer.
Excerpt from the article:
While this feature is not rolled out to everyone yet, users will be able to assign a password that only they know to be used to encrypt backups before they are uploaded to iCloud or Google Drive
Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages
It works flawlessly as an ad-blocker, but behind the scenes and unknowingly to its users, they also make money for the extension developers.
Excerpt from the article:
The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers connected to an add-on called AllBlock. The extension has since been pulled from both the Chrome Web Store and Opera add-ons marketplaces
Support Me
Writing makes me thirsty. I'll appreciate a cup of coffee 😉.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.
Posted on October 15, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
November 30, 2024
November 30, 2024