Weekly Cybersecurity News

Apr 13, 2024
Ayushman Singh

Community Manager

We share this week’s important cybersecurity news: current events that directly or indirectly affect our lives and the operations of businesses, institutions, organizations, governments, and nation states in this highly digitalized and interconnected world.

Germany seeks to make encryption a legal right:

The proposed law in Germany aims to make end-to-end encryption mandatory for some digital services, including messaging platforms, email providers, and cloud services. This move is significant as it would establish encryption as a legal standard, ensuring private and secure communications for users. The bill also seeks to amend the German Telecommunications Telemedia Data Protection Act to require service providers to offer encryption or justify why it’s not possible to implement. While the cybersecurity industry largely welcomes this initiative as a win for privacy, some critics argue that users will still need to implement security features themselves. The bill is currently in the early stages of the legislative process, awaiting agreement from the federal cabinet before evaluation by the German Parliament.

Check Your iPhone Now — These Models Will No Longer Get Updates:

In a recent update, Apple has listed several iPhone models that are now considered obsolete, meaning they will no longer receive support or security updates from the company. These include various iterations such as iPhone 3G, 3GS, 4, 4S, 5C, and 6 Plus. Additionally, Apple has designated certain models as “vintage,” indicating partial support with occasional security updates and repairability challenges. Cybersecurity experts emphasize the importance of using supported devices to avoid vulnerabilities, as obsolete iPhones may become targets for exploitation by attackers. Users are advised to check their iPhone model against Apple’s updated list and consider replacing obsolete devices with newer, more secure options to safeguard against potential security risks.

Here’s how much zero-day hacks for iPhone, iMessage, and more are worth:

The prices of zero-day hacking tools, which exploit unpatched vulnerabilities in software, continue to rise. Crowdfense, a startup, is willing to pay between $5 and $7 million for zero-days to break into iPhones, with prices increasing for other platforms like Android, Google Chrome, Safari, iMessage, and WhatsApp. This increase reflects companies’ efforts to improve platform security, leading to quicker patching of vulnerabilities. Crowdfense’s payouts are among the highest known publicly, outside of Russia, where prices may be inflated due to geopolitical factors. Apple also offers its own bounty program for security researchers, with a maximum reward of $2 million.

The looming threat of opening Apple’s app ecosystem:

The U.S. Department of Justice’s antitrust lawsuit against Apple could lead to changes in its app ecosystem, potentially allowing app downloads outside of its official store. While this could offer more flexibility for developers, it also raises concerns about increased exposure to malware and malicious apps targeting iPhones. Apple argues that its strict App Store policies create a safer environment, but critics contend that it stifles competition. European regulators have already forced Apple to allow sideloading on iPhones, with the company implementing a notarization process to scan all apps for malware. However, experts caution that sideloading could introduce security risks, similar to those seen on open developer ecosystems like Google’s Android. Despite potential challenges, Apple maintains that its walled-garden system is the best approach to mitigate security threats.

Many of the world’s biggest companies reported data breaches last year:

A report from SecurityScorecard reveals that a fifth of S&P 500 companies experienced cyberattacks in 2023, with 25% of breaches occurring in the Financial Services and Insurance sectors. Poor cybersecurity practices, coupled with high company valuations and stringent regulations, contributed to these alarming statistics. Social engineering risks were identified as particularly high, with attackers exploiting employee information for tailored attacks. Regulatory pressure, including new SEC regulations mandating prompt disclosure of cybersecurity incidents, has also played a significant role in the increased reporting of breaches. SecurityScorecard emphasizes the need for a standardized framework to measure cybersecurity risk and define materiality, akin to credit scores in the financial world.

Security concerns creep into generative AI adoption:

The adoption of generative AI presents potential advantages for enterprises, including enhanced data analytics and faster work processes. However, cybersecurity leaders are cautious about the introduction of new vulnerabilities in an already precarious environment. As AI platforms expand and connect to internal data, threat actors have a broader field to exploit vulnerabilities. CISOs are urged to collaborate with CIOs to proactively address these vulnerabilities by deploying automated tools, keeping cyber professionals involved, and monitoring for signs of malicious activity. Recent reports have highlighted potential threats, such as AI worms and API vulnerabilities, emphasizing the need for vigilance in the generative AI ecosystem. Additionally, concerns exist regarding the security implications of AI-powered coding tools, which may reinforce existing coding standards and introduce security issues. To mitigate these risks, companies are advised to monitor and review generated code rigorously, both automatically and manually, to ensure its security and quality.

Our phones are under threat more than ever — but many of us still don’t have mobile security protection:

The majority of mobile users in the UK lack security software on their devices, despite using their phones for sensitive tasks like online banking. A report from Bitdefender highlights a concerning trend of complacency towards cyber threats, with many users unaware of mobile security software or mistakenly believing that their devices are immune to attacks. The increasing risk of cyberattacks targeting smartphones underscores the need for users to install reputable security solutions and stay informed about cybersecurity best practices. Failure to do so could have serious consequences for personal and financial security.

Hijacked Facebook Pages are pushing fake AI services to steal your data:

Cybercriminals are capitalizing on the AI craze on Facebook by taking over authentic AI-themed pages and tricking users into downloading malware disguised as cutting-edge AI software. These scammers promise early access to experimental AI tools but deliver malicious software that steals personal data instead. Despite Facebook’s efforts to shut down such pages, impostors continue to surface, amplifying the threat. To safeguard against such scams, users are advised to exercise caution, refrain from clicking on suspicious links, enable multi-factor authentication, and avoid downloading software from unverified sources. These precautions are essential as cyber threats evolve alongside advancing technology.

Protect your Android from the Vultur banking Trojan’s remote attacks:

Vultur, a notorious banking Trojan targeting Android devices, has resurfaced with enhanced stealth capabilities, posing a significant threat to users’ security. This upgraded malware employs various tactics, including text messages and phone calls, to deceive victims into downloading malicious software. Once installed, Vultur grants hackers full control over the device, enabling them to manipulate files, bypass security features, and even remotely access the device. To safeguard against Vultur and similar threats, users are advised to avoid responding to suspicious messages or calls, refrain from sideloading apps, carefully manage app permissions, and download apps only from reputable sources. Regularly updating devices, using antivirus software, and implementing strong password practices are also recommended security measures. If compromised, users should take immediate steps to change passwords, monitor accounts for unauthorized activity, and consider using identity theft protection services. With Vultur’s sophisticated capabilities, staying vigilant and proactive in protecting personal information is paramount.

Why You Should Stop Sending Texts From Your iMessage App:

Users are warned about the potential risks associated with using iMessage to communicate with Android users via third-party apps like Sunbird, which bridge the gap between iOS and Android ecosystems. Despite the convenience of seeing blue bubbles (indicating iMessage encryption), the texts are not truly end-to-end encrypted, as they pass through Sunbird’s servers. Sunbird’s return, following past security concerns, prompts caution, especially as it doesn’t offer the same level of encryption as native iMessage. Users are advised against relying on third-party relays for messaging security and should instead use alternatives like WhatsApp or Signal for cross-platform encrypted communication.

How to Protect Yourself (and Your Loved Ones) From AI Scam Calls:

As AI voice cloning technology advances, scammers are increasingly using it to create convincing replicas of people’s voices for fraudulent calls. Detecting these fake calls has become challenging due to the sophistication of AI audio replication. To protect against these scams, individuals are advised to hang up and call back using verified numbers, establish secret safe words for verification, ask personal questions, understand the potential for voice mimicry with AI tools, and avoid succumbing to emotional appeals. By remaining vigilant and implementing these precautions, individuals can reduce the risk of falling victim to AI-powered scam calls.

Published on Medium
