What Could Go Wrong?

You probably associate information security with desktops and laptops, business computers, and servers in datacenters.  Too often, we assume that our mobile devices are inherently more secure, probably because of how we interact with them.  But last week’s security news includes warnings for iPhone and Android users.  Just a reminder that no one is safe.

First, if you haven’t updated iOS, it’s time to do so.  Last week, it was reported that iPhone users running iOS 18.4 to 18.7 are vulnerable to the “DarkSword” attack, which can collect personal data, steal it, and clean up behind itself within minutes. Security researchers have been warning about the attack since last November, because so far it’s been used largely as targeted malware by Russian state actors against Ukrainian iPhone owners.  That said, it won’t be long before it’s used against others since it’s already in the wild.[1]

Android users, you don’t get a break. If you’re a VPN user (and you should be), your VPN could be broken on your phone, and notable providers like Proton, Mullvad, TunnelBear, and others have been trying to get Google to fix it for months now.  In short, updates from the Google Play Store prevent a VPN from working in the background as it should, leading the connection to drop, causing the user to assume their VPN isn’t working properly and to blame the service.  Google acknowledged the issue but hasn’t done anything about it, likely because it doesn’t affect all VPN users.  That said, Proton recommends reinstalling your VPN app manually if you run into the problem, so keep that in mind. While you’re at it, check out our VPN power user tips to boost your protection.

In other security news, hackers hit identity protection company Aura this week, making off with over 900,000 records of its users.  It’s bad news whenever a security firm is breached, but in this case the situation is pretty familiar: one user’s business account was compromised through a phishing attack, and while company admins shut down the hacker’s access after about an hour, they still managed to get away with a lot of information, mostly names, phone numbers, email addresses, and customer service records.  That data has already been spotted on the dark web, posted by a name you might recognize: ShinyHunters, the same ransomware gang that’s breached Grubhub, Google, and Pornhub, among others. 

That’s a lot of hacks and vulnerabilities, and before we take a look at what else is going on around the web, here’s a reminder that the PCMag security team will be at the RSAC security conference next week, so expect even more news from the event. Here’s what we’re looking forward to seeing when we get there.

Until then, let's take a look at everything else that happened last week.

Gartner Warns: Copilot May Cause Cognitive Debt on Fridays - If you haven’t heard the phrase “cognitive debt,” you will soon, as more and more companies push AI to their employees, and more research comes out showing that people use AI to automate tasks that then result in errors that need to be fixed by humans, completely negating the potential productivity benefits.  Well, over at Gartner, a research and consulting firm, teams are floating a ban on using Microsoft’s Copilot on Fridays, because people are tired, it’s the end of the week, and they use it so often without checking their work that it’s causing problems.

According to The Register, the suggestion, which started as a joke from Gartner analyst Dennis Xu, was actually based on the fact that Copilot has a tendency to produce results that, even when factually correct, may be unacceptable for the workplace, or for sharing with customers.  Combine that with Friday afternoons and everyone just wanting to be done with work and to go home, and well, you see where this is going.  To be fair to Xu, it was just one suggestion in a talk about mitigating Copilot risks in the workplace.  Among the others were limiting Copilot’s access to sensitive data to prevent exfiltration and reducing the risk of prompt injections, all tips that every organization saddled with an AI tool could use.

Free Parking in Russia After DDoS Attack Disables City System - It’s rare that we get fun news to share in these weekly security roundups, but this is too good not to include.  Over on the Bitdefender blog, this story from Russia caught my eye: In the City of Perm, a community east of Moscow and just west of the Ural Mountains, citizens were able to treat themselves to three days of free city parking after a DDoS attack took out the city’s parking payment system.  The municipal government issued an official statement on Telegram about the outage, stating that they wouldn’t be ticketing or fining people for parking in normally paid spots due to the issue.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information (CTI) via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.pcmag.com/news/cyber-chaos-this-week-iphones-under-attack-android-vpn-glitches-and-the
