Cyber Alert - Multiple Vulnerabilities in Apple Products 18-08-2022

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

DATE(S) ISSUED:

18/08/2022

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

For full details and actions to protect your devices and systems, follow the link to the Center for Internet Security or reach out to our friendly cyber experts below.

DETAILS:

  • macOS Monterey is the 18th and current major release of macOS.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.

  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

To discuss cybersecurity protection strategies for your business, reach us here https://www.advance.net.au/contact

Or call us on +618 8238 6500

Customer Story | Meals on Wheels SA centralises IT to realise $50,000 cost saving


Meals on Wheels SA centralises its IT environment to better coordinate thousands of daily deliveries. Almost everyone has heard of Meals on Wheels. David explained that implementing an Intelligent Information Management System allowed his group to digitise their financial model, saving his business $50K per year while increasing efficiency and security.

Customer Story | Accurate data delivers 1834 Hotels a competitive edge with Qlik

In 2021 we held our Innovators 2021 event focussed on client stories about how they tackled COVID-19 and what role technology played during this unique time. You can read the recap and watch the full video of the event here.

Continuing on from the event, we sat down with 1834’s CEO Andrew Bullock to write up this customer story. This case study outlines what 1834 Hotels do, the challenges in managing data and how a business intelligence tool can streamline reporting to free up staff and automate daily business tasks.


SA Innovators 2021 - Surviving the pandemic with the help of technology - Recap

Advance Business Consulting held its SA Innovators 2021 event, focusing on Innovation and Digital Transformation. This year's event focussed on how three business leaders tackled the pandemic and how technology can be part of the solution in dealing with disruption.


Whitepaper | Navigating the maze of Anti-Malware technologies in the SAAS era

Alert, but not Alarmed

We are all on the front lines in the fight against cybercrime, both at work and at home.

It's increasingly common for criminals to lock either your work or personal files, then demand a ransom payment in return for unlocking them.

This is called a ransomware attack and there are some very easy steps you can take to protect yourself and your family.

 

What are the signs of a Ransomware attack?

  • Dodgy Emails - Criminals usually try to put Ransomware onto your computer through illegitimate websites, or infected attachments. Be very wary of emails from people you don’t know or didn’t expect, particularly if they contain links to other websites or attachments.

    If you've recently received an email from someone you don't know, or that didn’t look quite right and have already opened the link or attachment, be alert.

  • File names - If your file names, or the three letters after them (example.txt), are changing, this could be a sign your files are being locked.

  • Can't access files - If you are unable to access files, this could be a sign they have been locked.

  • Ransomware Notice - Once a certain number of files are locked, the criminal will display a notice, usually asking for urgent payment, and usually asking for an online currency such as bitcoins.

What should I do if I notice the signs?

  • Immediately power off - Once the computer is completely powered off, no more files can be locked, and the ransomware cannot spread to other computers in your home or office

  • Remove any network cables - To ensure the ransomware cannot spread once the computer powers on again, remove any network cables. For Wi-Fi laptops, switch any physical Wi-Fi buttons to the off position.

  • Contact support - In the workplace, the IT department should be made immediately aware. At home, you will need to contact whoever does your IT support. You may want to call a professional.

  • Don't Pay - If you do pay the ransom, you are relying on the criminal's good nature to unlock the files, which is unlikely to happen. Even if it does, you will then be marked as someone willing to pay ransoms and be targeted again in the future.

Is there anything I can do to reduce the risk of this happening to me?

Absolutely. In many cases these are done for you by the IT team, but at home you will need to do them yourself:

  • Install Patches - Your operating system and any programs you have installed will often need updating or patching. These are very important, as it is the manufacturer fixing problems that criminals may exploit. You should make sure all of your software is regularly patched, and allow the patches to install as soon as possible.

  • Anti-Virus - Ensure you have Anti-Virus software installed and running, and that it is up to date.

  • Backups - While these won’t protect you from getting ransomware, they will make it very easy to recover your locked files without paying a ransom. Wherever possible, backups should be stored separately, so criminals cannot erase them if they do gain access to your computer.

  • Block Macros - Microsoft Office Macros are a very common way for criminals to gain access to your computer. Having these switched off by default helps protect you against this form of attack.

  • Administration Privileges - Accounts with administrative privileges can install and run applications (and ransomware). While it's inconvenient to have to switch to a different account each time you want to install new software, it can protect you from a criminal installing ransomware in the background while you are unaware.


Whitepaper | Business Email Compromise - The most lucrative form of cybercrime

Who Am I Really Speaking To?

Email-based scamming has quickly become the leading cause of financial loss for Australian businesses and individuals, with criminals now taking $132,000,000 each year.

This CyberGuide will show you how to protect yourself and your family by identifying the warning signs and commonly used scams.

Email-based scams have grown in popularity recently due to the speed at which criminals can run them, along with the lucrative returns they generate.

What is an Email Scam?

Often called Email Compromise or Business Email Compromise, email scams are where a cybercriminal uses social and technical tricks to make a person think they are exchanging emails or text messages with someone they already know. The cybercriminal then uses the trust of the relationship to have bank details updated, or initiate the transfer of funds, goods or gift cards.

What Are the Common Scams?

The false invoice:

John recently paid his builder for some renovation work. Later he found out that his builder had not received the payment. When they checked, the invoice and bank details John had paid had not been sent by the builder. Instead, they were sent by criminals who had used a fake email address that looked very similar to the builder's.

Supplier Impersonation

Jane works in the finance team. She received a routine email from a regular contact at a long-standing supplier advising of a change in their bank details. Jane checks the email address and it is correct and has been used many times in the past, so she makes the change.

In fact, Jane’s regular contact has unknowingly had her password stolen, and criminals have logged in to her email account. The next legitimate payment to the supplier will be sent to the criminal's bank account.

CEO Fraud

Gary is the executive assistant to the CEO and just received a text message from a number claiming to be the CEO’s personal mobile. The message says that his boss is out with some potential new clients and urgently needs some iTunes gift cards to give them to seal the deal. Can Gary please buy some, SMS the codes and expense the cost tomorrow.

Of course, the phone number does not belong to his boss, and his boss did not make the request. Instead, the gift cards will go to the criminals to be sold on the black market.

Employee Impersonation

Linda from the Payroll team has received a request from an employee to have their bank details changed in the Payroll system. What has happened is a criminal has covertly gained access to the employee's user name and password and is trying to divert the employee’s next salary payment to the criminal's bank account.

What are the warning signs to look out for?

  • An unforeseen change of bank details - Criminals often target changing bank details because there is no immediate payment involved, so it often does not trigger alarm bells.

  • An urgent payment request or threats of serious consequences if payment isn't made - urgency is very often used because it makes the intended victim rush and not consider the possibility of a scam.

  • Unexpected payment requests from someone in a position of authority - Criminals will often use the authority of the CEO or CFO to get potential victims to skip approvals and due process and rush payments.

  • An email address that doesn't look quite right, such as the part after the @ not exactly matching the supplier's normal email addresses - Criminals will create new email addresses with small changes to impersonate legitimate contacts, such as @Mircosoft.com instead of @Microsoft.com, or replacing the letter L with the number 1.

  • Personal or unrecognised email addresses or phone numbers - Criminals will create hotmail and gmail addresses using the first and last name of the person they are trying to impersonate and trick the potential victim into believing it is a personal email address.

  • Personal Information - Criminals will often use social media to gain information about a person they are trying to impersonate and relay it to the potential victim to build trust. Information such as close contacts, home location or current holiday location is used most commonly.

Criminals will often combine several of the above techniques, such as waiting for the CEO to post holiday pictures on Facebook, then using a fake email with the CEO's first and last name to request the urgent change of a supplier's bank details.
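The two address-based warning signs above can be checked automatically. The following is an added example, not part of the original CyberGuide: it flags sender domains that are one edit or one digit-for-letter swap away from a trusted domain, and free-mail addresses built from a known contact's name. The domain lists, contact name and the `0` for `o` swap are assumptions made for illustration.

```python
import re

# Constructed sample data: domains this organisation really deals with.
TRUSTED = {"microsoft.com", "example-supplier.com.au"}
FREE_MAIL = {"gmail.com", "hotmail.com"}
# Digit-for-letter swaps (assumed set: 1 for l as in the text, plus 0 for o).
SWAPS = str.maketrans({"1": "l", "0": "o"})


def sender_domain(from_header):
    """Return the lower-cased domain after the @ in a From header value."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header.rsplit("<", 1)[-1])
    return match.group(1).lower().rstrip(".") if match else ""


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or
    swap two adjacent characters, each costing one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]


def classify(from_header, contact_names=()):
    """Return (verdict, detail) for one From header value."""
    domain = sender_domain(from_header)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        # Same domain once digits are mapped back to the letters they imitate.
        if domain.translate(SWAPS) == good.translate(SWAPS):
            return ("lookalike", good)
        # One typo or one pair of swapped letters away from a trusted domain.
        if edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    local = from_header.rsplit("<", 1)[-1].split("@")[0].lower()
    if domain in FREE_MAIL:
        for name in contact_names:
            if all(part in local for part in name.lower().split()):
                return ("personal-address", name)
    return ("unknown", domain)
```

A "trusted" verdict only means the domain matches; it says nothing about a supplier whose real mailbox has been taken over, which is why verifying bank detail changes by phone still matters.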

What can you do to prevent email scams?

  • Look out for the warning signs and be aware.

  • Don’t be afraid to use a phone call to verify identity – Almost 100% of email scams can be prevented with a simple phone call. Use your contacts or corporate directory (don't trust the signature in the suspicious email) to call them and double-check they did send the email you received.

  • Always check the full email address on suspicious emails. Can you spot any minor changes?

  • Don't be rushed, take your time, follow all the correct processes and think about the possibility of scammers.

  • Report any suspicious emails to your IT and Security teams.


Cyber Alert | Kaseya Ransomware Attack

Kaseya Ransomware Attack

We are aware of a widespread cyber incident affecting the Kaseya product set. Firstly we want to assure you that we do not employ this product set, and as such you are not at risk through the services that we provide you.

 

If you do employ Kaseya VSA in other parts of your business, please immediately shut down the Kaseya infrastructure and consult with your cybersecurity provider and the ACSC.

If you would like our advice, guidance or additional assistance, please contact us immediately.

 

What is Kaseya VSA?

Kaseya Virtual Systems Administrator (VSA) is a remote monitoring and management toolset designed for use by Managed Service Providers in servicing their customers. It is delivered as both a SaaS product and an on-premise installation.

 

What is this incident?

Starting from July 2nd, organisations with Kaseya on-premise installations began reporting abnormal behaviour and later, instances of ransomware. While the investigations are currently ongoing, it is strongly suspected that one or more Zero-day vulnerabilities in the Kaseya VSA toolset were exploited to deliver the ransomware payload.

These vulnerabilities were first discovered in April by the Dutch Institute for Vulnerability Disclosure (DIVD) who disclosed them to Kaseya, however, a patch had not been released when the ransomware attacks began.

The attackers responsible have demanded $70 Million (USD) to decrypt all impacted devices and advised they will negotiate on an individual basis if approached.

 

Would I have been protected?

From the direct attack, the simple answer is no. However, there are several other defensive layers that, if implemented, would have completely prevented or slowed the ransomware outbreak once it entered the environment.

 

Due to its nature as a Zero-day, the initial payload would have been extremely hard to prevent, however other layers such as application control software, intelligent behaviour-based protection software and a cyber incident response plan would make a significant difference to the amount of disruption (if any at all) a business would have suffered as a result of having the Kaseya toolset installed.

If you would like to complete a paper-based exercise to see how your cyber defences would have fared against this attack, and proactively identify any areas of improvement, please get in touch with us as soon as possible.

 

Where can I find out more?

The Australian Cyber-Security Centre (ACSC) alert

Cybersecurity & Infrastructure Security Agency (CISA-FBI) advice

Cyber Alert | 'Missed Call' SMS Messages - Latest Cyber Threats

‘Missed Call’ SMS Messages

We are aware of a recent increase of SMS messages which appear to contain a link to a new voicemail, but in fact are spreading a computer virus to mobile phones.

If you have received one of these messages but have not clicked the link then you have no need to be concerned, you are safe.

If, however, you have clicked the link and installed the app, it is highly likely you are infected with a virus called Flubot.

 

How can I tell if I’m ‘infected’?

  • You may have received an SMS message from an unknown number advising you that you have a missed call or voice message, with a link to access it.

  • You may have a new app called “Voicemail”

  • You may receive phone calls or SMS messages from other people advising that you have sent them messages that you are not aware of

  • Your mobile phone provider may alert you that you are sending large volumes of SMS messages, or that your device may have been infected by malware

  • At present, we are only aware of Android devices being susceptible to this virus, however, this may change to include iPhones in the future

 

What can I do if I am ‘infected’?

  • First, talk to your financial institution. The makers of this virus have already used the information they gained to steal money from several Australian bank accounts. Make your financial institution aware you have been infected; they should guide you through the relevant processes to protect the accounts they have in your name.

  • Remove the virus - Many popular anti-virus products for Android will remove this virus. Alternatively, a factory reset can be used to remove the virus.

  • However, when restoring your phone be careful, as the virus will be saved in the backups as well. If a backup is needed use one from before you received the first SMS message.

  • Next, consider other information the virus may have gotten access to. Once infected, the virus will have likely gained access to all your files, notes, messages, saved passwords, email history and all other data stored on your phone.

  • Consider the implications of each, and any passwords that might now need to be changed. Your email account password is a very important one, as your email can usually be used to change most other passwords

  • If in doubt, consult a professional to help you with the process.

Build Apps quickly to unlock efficiencies | Intrexx: A Low-code Development Environment

People often ask, what is a low-code development environment and why do we use Intrexx for our own apps at Advance as well as for our clients.
