Apple has released iOS 14.4 and said in its update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and Apple declined to give any information beyond advisory. Two of the bugs were found in WebKit, the engine that powers the Safari browser, and the Kernel, the core of the OS. It’s a rare admission by Apple which claim itself on its security image.
Google said that BeyondCorp Enterprise, the zero-trust security platform developed around how Google keeps its network safe, is now available. The tech giant describes it as a solution that enables secure access with integrated threat and data protection. The solution offers everything from DDoS protection and phishing-resistant authentication, to the core continuous authorisation features to protect all interaction between users and resources.
Phone numbers of 533 mn Facebook users are currently being sold via a bot on Telegram, which came from the social network’s vulnerability that was patched in 2019. The person selling the database full of Facebook users’ phone numbers at $20 per number lets customers lookup those numbers by using an automated Telegram bot. The hacker claims to have information on users from the US, Canada, UK, Australia and 15 other countries.
Nokia has been selected for the US’ National Cybersecurity Center of Excellence’s 5G Cybersecurity Project as a tech provider. It would work for a secure shift from 4G to 5G networks. The project would include software, 5G RAN, core solutions and IP-Backhaul. It was selected on the basis of its success in 5G networks, mobile network security and expertise in 5G RAN. The aim is to develop 5G’s advances in security features, leveraging in cloud technologies.
Suspected Russian hackers targeted the cybersec firm Malwarebytes. The attacker abused “apps with privileged access to MS Office 365 and Azure environments,” said CEO M Kleczynski. He said the attack was part of the campaign that has used SolarWinds software to target other firms. Analysts, on the other hand, have said that SolarWinds’s software wasn’t the only method used to breach networks as a new form of malware used in the attack was discovered.
The European Union’s drug regulator claimed that COVID-19 vaccine documents stolen, leaked and manipulated by hackers in a cyber-attack. The European Medicines Agency had said that the investigation showed that emails and documents were hacked related to the evaluation of experimental coronavirus vaccines. Italian cybersecurity firm Yarix has found the 33-megabyte leak was done to damage the reputation and credibility of EMA and Pfizer on the dark web.
In Cybersecurity space AI would replace humans by 2031, as hackers use more sophisticated tools, said a new report by Trend Micro. The report said more than 41% of IT leaders surveyed think that AI would replace their role by 2030. Just 9% were confident that AI would not replace them within the next decade. 32 % said AI would eventually work to completely automate all cybersecurity. 19 % believe that hackers using AI to enhance arsenal would be commonplace by 2025.
Quick Heal Technologies has invested $2 mn in L7 Defense, an Israel-based cybersecurity startup which specialises in API Security and NG-WAF. It is the third investment of the Pune based cybersecurity firm in the last 18 months. Last year, Quick Heal had invested $300,000 in L7 which had helped it to acquire clients in financial, telecom, IT industries across the US and Europe. Quick Heal had also invested in Singapore- based Ray Pte Ltd.