Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active.
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation.
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.
Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.
Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed.
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
