|
|
|
|
|
Cyber Daily: Apple Cyber Flaw Allows Silent iPhone Hack | Zero Trust Explained
|
|
|
|
|
|
Hello. Israeli security firm NSO Group has been exploiting a significant security flaw in Apple iPhones since February, according to research group Citizen Lab, which discovered the issue.
The attack is particularly worrisome because it is what is referred to as a “zero click” attack, meaning, unlike most other iPhone attacks, the user doesn't need to click on a link or open a document to be infected, The Wall Street Journal reports.
Apple put out an iOS security update Monday.
Also today: Biden's zero trust cyber mandate, explained.
Read on for more news.
|
|
|
Sponsored by Netscout
|
|
Why Are Carpet Bombing DDoS Attacks Difficult To Mitigate?
Although carpet bombing attacks are complex, building an understanding is the first step to detecting, mitigating, and lessening their impact.
Watch Video
|
|
|
|
|
|
|
|
|
Apple issued a critical security update fixing the flaw on Monday. PHOTO: MATTHEW RIVA/THE WALL STREET JOURNAL
|
|
|
|
Stealth infection: An Israeli security firm has been exploiting a significant security flaw since February to silently infect iPhones using an iMessage, according to the research group that discovered the issue.
Apple issued a critical security update fixing the flaw on Monday, but the vulnerability had been used in attacks by Israel’s NSO Group, a cybersecurity surveillance firm, according to Citizen Lab. Citizen Lab is an academic research group that investigates cyberattacks on journalists and dissidents.
Read the full story.
|
|
|
|
|
Hackers compromised a software update from SolarWinds to break into computer networks of at least nine federal agencies and dozens of U.S. businesses. PHOTO: SERGIO FLORES/REUTERS
|
|
|
|
Explainer: Zero Trust. The White House Office of Management and Budget last week released a draft blueprint for a so-called zero trust approach to fending off hackers. Federal agencies have until 2024 to revamp cyber measures to support the approach. The shift, which President Biden announced in May as part of an executive order to shore up cybersecurity, aims to help spot or contain threats such as the breach of federal systems last year through SolarWinds Corp.
|
|
|
A:
|
The approach views any user, device or application as a potential threat, requiring repeated verification of identities and abilities to access data. That contrasts with traditional security frameworks, in which tools or people are trusted once they make it past perimeter defenses often structured around networks tied to physical offices.
|
|
|
Q:
|
How can organizations turn the buzzword into reality?
|
|
|
A:
|
While many aspects of zero trust aren’t new, combining them into a cohesive whole is complex. It can require cataloging all the devices across an organization, instituting multifactor or biometric authentication, monitoring connections in real-time, tightening users’ access controls, cordoning off outdated technology and dividing networks into areas that can be isolated in the event of attacks.
Read the full explainer here.
|
|
|
|
“It’s going to get very expensive, very quick.”
|
— Theresa Payton, CEO of cyber consulting firm Fortalice Solutions LLC and former White House CIO, referring to shifting to a zer-trust approach to cybersecurity
|
|
|
|
|
|
PHOTO: YURIKO NAKAO/REUTERS
|
|
|
Olympus hit in cyber incident. Industrial conglomerate Olympus said it is investigating an unspecified cyber incident affecting its tech systems in Europe, the Middle East and Africa. "As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners," said the company, which makes medical, science and industrial equipment.
|
|
|
-
The episode was described as a ransomware attack by the BlackMatter group, according to a person familiar with the situation, TechCrunch reports.
-
The U.S. Department of Health and Human Services issued a warning last week about BlackMatter, saying its threat to the healthcare sector is "elevated."
|
|
|
PHOTO: BRENDAN MCDERMID/REUTERS
|
|
|
Fake Walmart press release triggers cryptocurrency surge. The price of litecoin, a little-used cryptocurrency, spiked in early trading Monday before falling back, after a news release touting a partnership with giant retailer Walmart turned out to be fake. Litecoin traded as high as $231, up 30%, after the release came out from GlobeNewswire at 9:30 a.m. ET. Litecoin fell after Walmart said the news release was fraudulent. (WSJ)
|
|
|
👉 “This has never happened before and we have already put in place enhanced authentication steps to prevent this isolated incident from occurring in the future,” GlobeNewswire said.
|
|
Tenable to buy cloud-security startup Accurics Inc. for $160 million. Columbia, Md.-based Tenable Inc., which provides threat intelligence tools, said the deal is part of a strategy to help organizations secure applications and development systems in the cloud. (SecurityWeek)
|
|
|
|
|
PHOTO: RITCHIE B. TONGO/EPA-EFE/REX/SHUTTERSTOCK
|
|
|
Questions remain about manufacturer's breach. Richmond, Va.-based Carpenter Co. is notifying 14,300 employees and contractors that their personal data, including Social Security numbers, were exposed during a ransomware attack in March. The wide-ranging attack affected operations systems, email software and network but the company at the time wasn't sure whether data were compromised.
|
|
|
-
An investigation concluded May 24 determined that certain information was accessed during the intrusion but Carpenter said it can't be sure whether a hacker viewed or used the data.
-
Carpenter didn't pay a ransom. It said it added network monitoring and other tools to improve its security.
Alvaro Bedoya to be nominated to FTC post. Mr. Bedoya is an academic who has criticized facial-recognition and other digital technologies that can be used for surveillance. has served since 2014 as the founding director of Georgetown University’s Center on Privacy & Technology where he co-wrote a widely cited 2016 study that documented U.S. police departments’ use of facial-recognition technology and called for additional regulations. (WSJ)
|
|
|
|
|
|
|