Monday 7th October 2024
Aidan Dickenson
Good morning! A very happy Monday and thank you for joining me for today's edition of Cyber Daily. Apple is working hard fixing bugs faster than we can say “CVE,” and Comcast is dealing with a ransomware mess that even their debt collectors couldn’t see coming. And if you run a WordPress site, now’s a great time to double-check your LiteSpeed Cache plugin settings, or you might give hackers a VIP pass to your admin account. Enjoy!
Apple’s quick patch for security bugs
Apple just rolled out iOS and iPadOS updates to fix two serious security flaws. One of the vulnerabilities, CVE-2024-44204, involved a logic issue in the Passwords app that allowed the VoiceOver assistive technology to read users’ saved passwords aloud. Apple credits security researcher Bistrit Dahal for catching the bug, which affected a range of iPhones and iPads. Fortunately, the glitch has been squashed with improved validation.
The second issue (CVE-2024-44207) was specific to the new iPhone 16 models, where audio could be captured for a few seconds before the microphone indicator turned on. The flaw was found in the Media Session component and was reported by Michael Jimenez and an anonymous source. Apple has since applied more stringent checks to fix the problem.
To stay protected, users should update to iOS 18.0.1 and iPadOS 18.0.1 ASAP.
Comcast’s customer data stolen in debt collector breach
Comcast is alerting nearly 238,000 customers that their personal data was stolen in a February cyberattack on Financial Business and Consumer Solutions (FBCS), a debt collection agency. This comes after initial assurances from FBCS that Comcast's data was safe. The breach was later confirmed in July, revealing that sensitive information such as names, addresses, Social Security numbers, and Comcast account details had been compromised.
FBCS was hit by a ransomware attack where the intruders both downloaded data and encrypted parts of its systems. Despite the breach happening on FBCS's end, Comcast is covering identity protection services, as FBCS claimed it couldn’t afford to do so.
This isn’t the first high-profile breach for Comcast, but the company has clarified that its own systems, including Xfinity, were not affected. Users impacted are advised to monitor their accounts for suspicious activity.
To date, over 4 million people have been affected by FBCS’s data breach.
WordPress LiteSpeed Cache plugin hit by severe security flaw
A high-severity vulnerability (CVE-2024-47374) has been discovered in the LiteSpeed Cache plugin for WordPress, which could allow attackers to execute arbitrary JavaScript code. The plugin, with over six million active installations, is a popular tool for site acceleration and optimization, making this a critical issue for WordPress admins.
The flaw is a stored cross-site scripting (XSS) vulnerability impacting versions up to 6.5.0.2 and was discovered by TaiYou through Patchstack's bug bounty program. It arises from improper sanitization of the “X-LSCACHE-VARY-VALUE” HTTP header, which could allow attackers to inject scripts if the “CSS Combine” and “Generate UCSS” settings are enabled.
An attacker could exploit this to hijack the account of a site administrator, gaining full control over the website. The issue was patched in version 6.5.1, released on September 25, 2024.
Admins should update immediately to avoid potential site takeovers.
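For admins checking several sites, the version test above can be scripted. This is an added example, not code from the newsletter or from LiteSpeed: it reads the standard `Version:` field of a WordPress plugin file header and compares it with the fixed release 6.5.1 named above. The function names and sample headers are constructed for illustration, and the “CSS Combine” and “Generate UCSS” settings are not checked.

```python
import re

# From the text above: affected up to 6.5.0.2, patched in 6.5.1.
FIXED_IN = (6, 5, 1)

def parse_version(text):
    """Turn '6.5.0.2' into (6, 5, 0, 2); reject suffixes such as '-rc1'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(version):
    """True if the version predates the fixed release (zero-padded compare)."""
    v = parse_version(version)
    width = max(len(v), len(FIXED_IN))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED_IN)

def header_version(plugin_php):
    """Extract the Version field from a WordPress plugin file header."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_php,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def assess(plugin_php):
    """Classify one plugin main file: vulnerable, patched or unknown."""
    raw = header_version(plugin_php)
    if raw is None:
        return "unknown"
    try:
        return "vulnerable" if is_vulnerable(raw) else "patched"
    except ValueError:
        return "unknown"  # needs a manual look

def sample_header(version_line):
    """Constructed plugin header used as sample input."""
    return "<?php\n/**\n * Plugin Name: LiteSpeed Cache\n" + version_line + " */\n"

if __name__ == "__main__":
    # Constructed inventory: site name -> contents of the plugin's main file.
    sites = {
        "blog": sample_header(" * Version:     6.5.0.2\n"),
        "shop": sample_header(" * Version:     6.5.1\n"),
        "old": sample_header(""),
    }
    for name, php in sites.items():
        print(name, assess(php))
```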
CEO of WORLDFIELD REAL ESTATE and WORLDFIELD INVESTMENT HOLDING Dubai, UAE, multiple IRONMAN Finisher
5 months ago: That's important! It's good to see Apple addressing these security vulnerabilities.
CEO @ NextPage IT Solutions | Scaling Businesses Using Tailored IT Services in 90 Days | $20M in Client Revenue | Business Automation
5 months ago: Apple is also launching some amazing products in October. It'd be great to see what innovation Apple will bring to the table :) Aidan Dickenson