IT Security Newsletter - 9/14/2021
Apple patches against alleged NSO Group zero-click exploit used on activists
Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers. The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets - including the phone of a Saudi activist in March, researchers at Citizen Lab said.
Leaked documents reveal the special rules Facebook uses for 5.8M VIPs
Facebook had a problem on its hands. People were making posts that got caught in the company's automated moderation system or were taken down by its human moderators. The problem wasn't that the moderators, human or otherwise, were wrong to take down the posts. No, the problem was that the people behind the posts were famous or noteworthy, and the company didn't want a PR mess on its hands.
Global Databases Riddled with an Average of 26 Vulnerabilities
Nearly half (46%) of the world's on-premises databases contain known vulnerabilities - most of which are high or critical severity, according to a new five-year study from Imperva. The security vendor scanned 27,000 databases globally over five years and discovered that they contained 26 vulnerabilities each on average. Some 56% of these were ranked in the top two severity categories, meaning they could lead to serious compromise if exploited.
How a glitch in the Matrix led to apps potentially exposing encrypted chats
The Matrix[.]org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.
- ...in 1956, the IBM RAMAC 305 was introduced.
- ...in 1959, the Soviet probe Luna 2 crashed onto the Moon, becoming the first man-made object to reach it.
- ...in 1994, Major League Baseball canceled the 1994 season and the World Series.
- ...in 2000, Microsoft introduced the last update to its MS-DOS operating system (version 8.0).