Latest White Paper | "Cyral for Data Access Governance"· Learn More
Cyral
Free Trial
Blog

The Security Digest: #87

Do you check Mail on your Apple watch? Learn why researchers are warning against it. A new zero day has been fixed for iPhone iOS 15.0.2 flaw. There are security issues in embedded devices for Linux users involving BusyBox. A mysterious Israeli company is recently under fire for helping facilitate widespread cyber attacks on people who visited a popular British news website. There is a new form of phishing called “smishing”, where hackers pose their attack as a SMS text message.

Apple Updates:

  • Beware using Mail on your Apple Watch. Security researchers have found that receiving messages on your wrist compromises Mail Privacy Protection in iOS 15 by revealing your IP address to senders. Mail Privacy Protection — available across Mac, iPhone and iPad — is designed to prevent this from happening by masking your actual IP address. But it seems that using Mail on Apple Watch completely undermines it. Read more.
  • Apple recently fixed a zero-day iPhone flaw with iOS 15.0.2 — update now as iOS 15.0.2 and iPadOS 15.0.2 are extremely important. Read more at Tom’s Guide.

Critical Vulnerabilities Found in BusyBox:

  • Researchers warn users to update Linux systems now.
  • BusyBox is one of the most widely used Linux software suites, and many of the world’s leading operational technology (OT) and Internet of Things (IoT) devices run BusyBox. Some of the threats could have resulted in denial of service (DoS) attacks in exploited, and in rarer cases, could also lead to information leaks and possibly remote code execution. Read more at TechRadar.

British News Website Hacked:

  • A popular British news website, the Middle East Eye, was hacked using a “watering hole attack” by a mysterious Israeli company, specifically targeting and manipulating the devices of users who visited the site. A watering hole attack is a tactic that “places malicious software on a website to infect and hack the computers of people who visit it.” The U.S. Commerce Department added the Israeli company, Candiru, to the trade blacklist in early November for helping an unknown foreign government facilitate cybersecurity attacks against journalists, political figures, government officials and others. Candiru was previously accused of helping authoritarian regimes by providing hacking technology and other services. Read more at NBC News.

A New Hybrid of Phishing:

  • We’ve all heard of phishing scams and the many ways people have inadvertently been hacked. “Smishing” or phishing in the form of an SMS text message, is evolving. KrebsOnSecurity reports about “a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text,” and breaks down details of an example of this phone-based attack.

Owl fun and facts:

Shelley’s Eagle Owl. Credit: Dr. Robert Williams / Imperial College London

British scientists working in Ghana have rediscovered a “holy grail” giant owl that has lurked almost unseen in African rainforests for 150 years. Read more at Phys org.

About:

TSD began as an internal newsletter created by our security team that would be circulated to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or follow us on twitter @cyralinc if you have any questions, concerns, tips or anything else!