Security news weekly round-up - 18th June 2021

Habdul Hazeez - Jun 18 '21 - Dev Community

4 weeks in a row! Let's keep up the momentum!

Introduction

This week it's all about security.


Apple: WebKit Bugs Exploited to Hack Older iPhones

Earlier in this series, we covered the WebKit bug; it now seems that older iPhones are vulnerable. If your iPhone is "old", you should update it.

Excerpt from the article:

The two WebKit bugs (CVE-2021-30761 and CVE-2021-30762) are memory corruption and use-after-free issues that Apple says were fixed with improved state management.

Instagram Bug Allowed Anyone to View Private Accounts Without Following Them

At first, you might think this is impossible to achieve, but it's software: you can find a way to make it do weird things.

The security researcher was awarded $30k.

Excerpt from the article:

An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID.

Criminals are mailing altered Ledger devices to steal cryptocurrency

When a valuable resource is in your possession, some would do anything to get their hands on it.

Excerpt from the article:

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.

Security Flaw Found in 2G Mobile Data Encryption Standard

The article title says it all.

Excerpt from the article:

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.

Security Camera Feeds Exposed Due to Flaw in SDK Used by Many Vendors

SDK is short for Software Development Kit. Programmers use an SDK to build software, so if the SDK contains a bug, the final application could contain that bug too.

Excerpt from the article:

Researchers at industrial and IoT cybersecurity firm Nozomi Networks discovered that the P2P SDK provided by ThroughTek to many OEMs that make consumer-grade security cameras and other IoT devices is affected by a serious flaw.

The vulnerability, tracked as CVE-2021-32934, is related to data transferred between local devices and remote servers not being properly protected.

Most health apps engage in unhealthy data-harvesting habits

Health apps? Tell me something I don't know.

Excerpt from the article:

The main types of data collected by mHealth apps include contact information, user location, and several device identifiers.

Part of these identifiers (specifically, international mobile equipment identity (IMEI), a unique identifier used for fingerprinting mobile phones; media access control (MAC), a unique identifier of the network interface in the user’s device; and international mobile subscriber identity (IMSI), a unique number that uniquely identifies every user of a cellular network) are unique and persistent (ie, they are immutable and cannot be changed or replaced) and can be used by third parties to track users across networks and applications.

5 essential things to do before ransomware strikes

The essential things are:

  1. Have backups
  2. Know when to restore your backups
  3. Make sure your cloud backups work
  4. Be recovery ready
  5. Have a game plan

You should read the article for more details.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week. I'll see you next Friday.
