And here comes another Sunday Weekly… On Mondays!
Let’s start with the Weekly Threat Report from the UK NCSC, where you will find some interesting stuff, but what caught my eye is that millions of fitness app users were exposed after a data breach. In times when I imagine outdoor fitness apps are not seeing much activity, Kinomap, an indoor training app, might be used by lots of people. Well, maybe not anymore, since the breach exposed PII from 42 million users, including full names, email addresses, gender, and timestamps for exercises.
In the same report, you will find out about Nintendo account hijacking, impacting 160,000 users. Too bad we are getting used to reading this sad news.
Scam emails are still a critical security issue, and in this case, they were used to steal 1.3 million USD, although some 600,000 USD was recovered. It all started with a phishing email, after which new targets were added to the conversation. I recommend reading the article; it is pretty illustrative. Maybe rereading my post on how to detect phishing would be useful.
If you have an iPhone running iOS 13.4.1 and use Twitter, maybe you need to read this post from The Verge. Long story short, several characters from the Sindhi language cause iOS to lock up and make the iPhone crash.
And we continue with Apple, since I read there is a zero-day in its Mail application that allows remote code execution, opening the door to infecting a device by sending emails remotely. What surprised me is that this vulnerability has existed since at least iOS 6, which was launched eight years ago! For now, no patch is available, so I strongly recommend being careful and updating your iPhone as soon as the patch is released.
Sophos has released an emergency patch to fix a SQL injection bug that was exploited in the wild and was impacting the XG Firewall product line. With this flaw, attackers could retrieve usernames and passwords to access the firewall admin console.
We will finish with a funny thing. I recall a long time ago when I started working with a provider, and for a while, I had to call him almost every day, and the company was using the Cisco phone system. Hence, I had the opportunity to listen to the hold music for some minutes every day, and at some point, I kept humming it the whole day!
I bet that this brings back some memories! Do not blame me if you are now humming this music for the whole week! To help you forget it, you can use this Spotify list:
Stay safe!