Happy midweek, y’all! I’m just getting back from my first week off in about a decade, and I may have forgotten how to use 2/3 of the apps we use every day here at AX. Has anyone seen my Post-It® full of passwords? Sigh, this is a disaster. Speaking of disasters…
Unfortunately, the cybersecurity world didn’t stop being scary in my absence. Rather than try to go back to everything I missed, let’s just talk about a couple of this week’s big stories.
Okay, as offensive as that attack was, I don’t have time to rant about it. Instead:
iOS malware can fake iPhone shut downs to snoop on camera, microphone
I’m already pretty paranoid about mobile devices and there are some specific tools that I use on every device I own. That being said, there’s just really no end to the layers required for good cyber-hygiene these days. While you shouldn’t assume your mic and camera aren’t already spying on you, this is a pretty nasty piece of malware. All you iOS users who download apps in back alleys and unapproved app stores should take note.
Hackers use video player to steal credit cards from over 100 sites
In formjacking news, “formjacking” may be a word you’ve never heard before. It’s just a fun, hacker-y way to describe a skimmer - a script that can steal personal information, most commonly from a website’s checkout page. Ever had your card skimmed at a gas pump? I have - it sucked. Same principle, only using code instead of a little credit card device. From the article: “In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected...In total, Unit42 found over 100 real estate sites compromised by this campaign, showing a very successful supply chain attack.” Not cool, you guys.