Security Snacks #8 – The ultimate iPhone hack, The new threat of cyber-biological attacks & 2021 threats forecast

By Anna Hammond

December 4, 2020

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.

Click here to subscribe

2020, an already memorable year, still has a stock of surprises for us: A zero-click exploit that allows anyone to get complete control of all nearby iPhones, a new type of cyber-biological threat that gives insight into the potential future of biological warfare, a US Supreme Court case that could result in hindering security research, and yet another Windows 7 vulnerability with an unofficial patch.

Continue reading for all details and cybersecurity news.

Notable Security News

iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Ian Beer, a researcher at Google’s Project Zero, published his 2020 lockdown project: He devised a zero-click exploit that allowed gaining complete control of all iPhones within Wi-Fi range. An impressive feat considering that it uses a single vulnerability (“A fairly trivial buffer overflow” in Apple’s WADL protocol) and not some complex bug chain. It is also a cautionary tale on what attackers with more resources could do, if “one person, working alone in their bedroom” came up with such a powerful exploit.

Supreme Court mulls whether a cop looking up a license plate for cash is equivalent to watching Instagram at work

What does a former cop being heard by the US Supreme Court have to do with hacking? Van Buren was convicted for violating The Computer Fraud and Abuse Act (CFAA) in 2017 after using his access to a police database to run a license plate search in exchange for a bribe. He is challenging these charges in an appeal with potential ramifications on security research. CFAA is an old ambiguous law that prohibits accessing a computer without authorization, or in excess of authorization. If the Supreme Court sets the precedent of a broad interpretation, it could make common online acts like sharing passwords, violating a site’s terms of service, or good-faith security research felonies with disproportionate consequences.

Cyberthreats to financial organizations in 2021

‘Tis the season of new year cybersecurity predictions. Kaspersky go over key events of 2020 and their forecast for 2021. They expect the current pandemic and ensuing economic crisis to cause more ransomware, Advanced Persistent Threat groups from countries under economic sanctions turning to ransomware, more 0-day exploits used by ransomware, Magecart attacks shifted to the server-side, more Bitcoin theft and also more criminals moving to less traceable cryptocurrencies.

New Cyberattack Can Trick Scientists into Making Dangerous Toxins or Synthetic Viruses, According to BGU Cyber-Researchers

Researchers from the Ben-Gurion University of the Negev discovered a new type of cyberattack. By remotely changing the DNA on a bioengineer’s computer, attackers can make them unintentionally generate dangerous toxins or viruses. This is because weaknesses in current screening protocols make it possible to hide the harmful DNA injected and avoid detection. It could mean a new era of biological warfare where criminals produce and deliver viruses without coming near to a lab or dangerous substances.

If you’re still using Windows 7, you need to install this important, free 0-day patch

Microsoft ended support for Windows 7 in January 2020, but there are still millions of devices using it. This is problematic because vulnerabilities are still being discovered in this obsolete operating system. The latest example is a local privilege escalation vulnerability found by Clément Labro. Anyone still using Windows 7 should either upgrade or install the free patch published by 0patch.

Other Interesting News






Intigriti Customer Story

Eric de Smedt, Manager Cyber Security at Telenet Group: Intigriti offers an international platform, where ethical hackers have to register. That makes it more trustworthy for us as clients. They also offer a platform for ethical hackers to get recognition. There’s a hall of fame for where ethical hackers earn points for reporting issues and get a ranking accordingly. Read more…

What Telenet, UZ Leuven and an ethical hacker say about Intigriti’s ethical hacking and bug bounty platform.

You may also like