Update your iOS device! Spyware Pegasus has been found on iPhones with the latest iOS

We compile noteworthy news incidents and vulnerabilities from the past week, shedding light on the ongoing challenges in maintaining digital security.

Spyware Pegasus has been found on iPhones with the latest iOS.

Apple recently released a security update in response to the discovery of a critical vulnerability called BLASTPASS, which allowed attackers to infect iPhones running the latest iOS version without any user interaction. This vulnerability was exploited to deliver the malicious Pegasus software, which enables location tracking, call eavesdropping, and access to the victim’s camera and microphone. Apple acted swiftly and issued a patch, which is available for all iPhones running iOS 16.6 and newer versions. Alongside this, the Citizen Lab organization has urged users to activate Lockdown mode, providing an additional layer of security.

To protect your iPhone from malicious software and cyberattacks, it’s crucial to keep your software up-to-date, download apps only from trusted sources, use strong passwords and two-factor authentication, and exercise caution when opening links and files, especially when sharing personal information in emails and messages.

Source: https://www.hackread.com/blastpass-pegasus-spyware-exploit-iphones-ios/

Iranian hackers breached the U.S. aviation agency through vulnerabilities in Zoho and Fortinet services.

CISA, FBI, and CNMF confirmed that an APT group exploited CVE-2022-47966 to gain unauthorized access to a publicly accessible application (Zoho ManageEngine ServiceDesk Plus). CISA has been involved in resolving the incident from February to April and stated that hacker groups had been in the compromised network of the aviation organization since at least January, after infiltrating the server running Zoho ManageEngine ServiceDesk Plus and the company’s Fortinet firewall.

As three U.S. agencies warn, APT groups often search for vulnerabilities in devices exposed to the internet that haven’t been patched against critical and easily exploitable security flaws. After infiltrating the target’s network, attackers maintain a persistent presence on compromised parts of the network infrastructure. These network devices are subsequently used as pivot points for maneuvering within the victim’s networks.

Source: https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-us-aviation-org-via-zoho-fortinet-bugs/

1. Johnson & Johnson discloses IBM data breach impacting patients
   https://www.bleepingcomputer.com/news/security/johnson-and-johnson-discloses-ibm-data-breach-impacting-patients/

2. UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
   https://www.infosecurity-magazine.com/news/electoral-commission-fails/

3. Freecycle confirms massive data breach impacting 7 million users
   https://www.bleepingcomputer.com/news/security/freecycle-confirms-massive-data-breach-impacting-7-million-users/

4. Medical Data Breach: Ayush Jharkhand Hacked
   https://www.infosecurity-magazine.com/news/ayush-jharkhand-hacked/

5. Sensitive Data about UK Military Sites Potentially Leaked by LockBit
   https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/

6. Sydney University Suffers Supply Chain Breach
   https://www.infosecurity-magazine.com/news/sydney-university-suffers-supply/