Security news weekly round-up - 25th June 2021

5 weeks in a row! Hi 5!✋

Introduction

This week's review encompasses what this series is all about: security.

iPhone bug breaks WiFi when you join hotspot with unusual name

I'll say this: be careful with the name you assign to your Wifi network.

The unusual name in question is %p%s%s%s%s%n.

Excerpt from the article:

Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed.

Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability

This is yet another piece of news about Apple products. In this case, it's iCloud.

The article title says it all, but, here is an excerpt that summarizes the entire story:

The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the ‘forgot password’ functionality for Apple accounts.

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

Yeah, this is about hardware. Who loves hardware?

Well, if you are a gamer, the name NVIDIA will not sound foreign to you, and also, it means you should read this article.

To help you out, I have provided an excerpt below.

The flaws affect products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions prior to 32.5.1.

Chief among the vulnerabilities is CVE‑2021‑34372 (CVSS score: 8.2), a buffer overflow flaw in its Trusty trusted execution environment (TEE) that could result in information disclosure, escalation of privileges, and denial-of-service.

Research Shows Many Security Products Fail to Detect Android Malware Variants

Yeah, I know, if security software can not protect our Android devices, what's next? 🤔

Excerpt from the article:

Called DroidMorph the tool allows for the cloning of both malicious and benign applications by making modifications at different levels of abstraction. Testing against 17 commercial anti-malware engines has shown that half don’t detect the clones.

How to tell if a website is safe

You might think, I am always careful, but, trust me, when it comes to online security, you can never be too careful.

An excerpt would do no justice to the article, therefore, I am pleading with you, to read the article.

A Google Drive security update will break some of your shared links

The said update is coming by September 13, 2021, therefore, buckle up.

Excerpt from the article:

We’re releasing a security update which will apply to some Drive files. This will make Google Drive files more secure by updating their links and may lead to some new file access requests.

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

What should I say? That moment when you might be broke, and there you are, your computer is making money for someone else without your knowledge.

Excerpt from the article:

Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig for stealthily exploiting the infected host's resources to mine Monero.

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, I'll see you next Friday.