Page 13 - Threat Intelligence 9-5-2019
Web / Internet Threats
Operation indiscriminately infects iPhones with spyware. Researchers say suspected nation-state hackers
infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming
security failure for a company whose calling card is privacy. A mere visit to one of a small number of tainted
websites could infect an iPhone with an implant capable of sending the smartphone owner's text messages,
email, photos and real-time location data to the cyberspies behind the operation. "This is definitely the most
serious iPhone hacking incident that's ever been brought to public attention, both because of the
indiscriminate targeting and the amount of data compromised by the implant," said former U.S. government
hacker Jake Williams, the president of Rendition Security. Sensitive data accessed by the spyware included
WhatsApp, iMessage and Telegram text messages, Gmail, photos, contacts and real-time location —
essentially all the databases on the victim's phone. While the messaging applications may encrypt data in
transit, it is readable at rest on iPhones. Google researcher Ian Beer said in a blog posted late Thursday that
the discovery should dispel any notion that it costs a million dollars to successfully hack an iPhone. "This
should serve as a wake-up call to folks," said Will Strafach, a mobile security expert with Sudo Security.
"Anyone on any platform could potentially get infected with malware."
Source: https://finance.yahoo.com/news/researchers-websites-infected-iphones-spyware-151931958.html
Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems. Cisco last week informed customers
that it released patches for 17 critical and high-severity flaws affecting some of the company’s Unified
Computing System (UCS) products, including Integrated Management Controller (IMC), UCS Director, and UCS
Director Express for Big Data. Many of the security holes were found by Cisco itself, but some have been
reported to the networking giant by researcher Pedro Ribeiro. Ribeiro announced on Wednesday that he has
released the details of three vulnerabilities that can be exploited by malicious actors to gain complete control
over affected systems. One of the flaws, tracked as CVE-2019-1935 and classified as critical, can allow a
remote attacker to log in to the command-line interface (CLI) of a vulnerable system using the SCP user
account (scpuser), which has default credentials.
Source: https://www.securityweek.com/cisco-ucs-vulnerabilities-allow-complete-takeover-affected-systems
Domen toolkit customizes fake web page overlays to bolster infection odds. A malicious campaign has been
leveraging a newly discovered social engineering toolkit to distribute a wide range of phony web page
overlays, seemingly generating at least 100,000 page views in just the past few weeks. The toolkit, dubbed
Domen, uses a cleverly written client-side script (“template.js”) to deliver these fraudulent overlays, which are
loaded as an iframe from compromised websites and displayed on top of the website’s actual legitimate
content. Most of the compromised websites run on WordPress, according to Jérôme Segura, director of threat
intelligence at Malwarebytes, in a company blog post describing the threat.
Source: https://www.scmagazine.com/home/security-news/domen-toolkit-customizes-fake-web-page-overlays-to-bolster-infection-odds/
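The Domen overlay is delivered by an injected loader script and an iframe that a compromised site never legitimately served, so a site owner can catch this class of injection by listing every iframe or script that loads from a host outside the site's own allow-list. The check below is an added example, not code from the newsletter or from Malwarebytes; the allow-listed hosts, the overlay host name and the sample HTML are all constructed.

```python
"""Added example (not from the newsletter or Malwarebytes): flag iframes and
scripts in a page's HTML that load from hosts outside an allow-list, the kind
of injection the Domen overlay relies on. Hosts and HTML are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site legitimately loads content from (constructed, site-specific).
ALLOWED_HOSTS = {"example-blog.test", "cdn.example-blog.test"}

class ExternalLoadFinder(HTMLParser):
    """Collects iframe/script tags whose src points to a non-allow-listed host."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or srcdoc iframe: no external load to check
        # Relative URLs have no host and resolve to the site itself;
        # protocol-relative "//host/..." URLs still yield a hostname.
        host = urlparse(src).hostname
        if host and host not in self.allowed:
            self.findings.append((tag, src))

def find_external_loads(html, allowed_hosts=ALLOWED_HOSTS):
    """Return [(tag, src), ...] for every external load not on the allow-list."""
    parser = ExternalLoadFinder(allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample: a WordPress-style page with one injected loader script
# and a full-screen overlay iframe (the host name is a placeholder, not an IoC).
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example-blog.test/theme.js"></script>
<script src="https://overlay-host.invalid/template.js"></script>
</head><body>
<iframe src="https://overlay-host.invalid/frame.html" style="position:fixed;top:0;left:0;width:100%;height:100%"></iframe>
<p>Legitimate content</p>
</body></html>"""

if __name__ == "__main__":
    for tag, src in find_external_loads(SAMPLE_HTML):
        print(f"unexpected {tag} load: {src}")
```

Run it against the HTML your own server actually returns to visitors (not the database copy), since the injection in this campaign is served at render time from the compromised site.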
www.accumepartners.com