Bug in New iOS Lets Attacker Access iPhone Pics

Infosecurity Magazine | October 16, 2018

A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone to view photos on the locked phone, according to Jose Rodriguez, a Spanish security researcher. Although the bypass bug, reported by The Hacker News, requires physical access to the iPhone, an attacker could still access the photo albums and send selected pictures using Apple Messages even if the phone is locked.

Rodriguez reported the bug and provided a proof-of-concept video via YouTube in which he demonstrated various steps of the attack, which starts with an incoming call to the targeted iPhone. After tapping the "message" option on the iOS call screen, Rodriguez selected the "custom" option, which displayed the Messages user interface, at which point he entered random letters before calling on Siri to activate VoiceOver.

Spotlight

Lock down your login. Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools – like biometrics, security keys or a unique, one-time code through an app on your mobile device – whenever offered.

Keep a clean machine. Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware.

When in doubt, throw it out. Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.

Back it up. Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.


Related News
ENTERPRISE SECURITY

Coalfire announces HITRUST Accelerator with AWS Security Assurances Services (AWS SAS)

Coalfire, a leading cybersecurity firm, announced HITRUST Accelerator, a new program that allows customers to achieve HITRUST CSF Validation up to 50% faster when compared with conventional methods. This program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle. Organizations who attempt to prepare for HITRUST certification internally without the help of an experienced external assessor may have timelines in excess of 2 years to achieve HITRUST Certification.

The HITRUST Accelerator program uses a three-step process that provides end-to-end support of an organization's preparation, remediation, and HITRUST Validation. This integrated approach enables Coalfire and AWS SAS to quickly identify compliance gaps, assist with technical remediation, simplify document creation, and expedite the Validated Assessment. By accelerating HITRUST Validation, customers will be able to offer significant assurances over their security and privacy controls, which enables them to focus on innovation and driving adoption.

"Coalfire and AWS SAS share an obsession in creating innovative solutions that maximize customer success. This passion and collaboration resulted in a program that helps our mutual customers prepare, remediate, and validate against the HITRUST CSF. By taking industry leaders in cloud security and HITRUST, we aim to revolutionize the way that organizations approach and maintain compliance. This has been a long time coming and we are absolutely thrilled to be launching this program with the AWS SAS team."
Jeff Rector, Global Engagement at Coalfire

The customer journey is accelerated via three tailored workstreams that are designed to:

Prepare the customer for HITRUST Validation by thoroughly defining the technical systems and boundary, conducting a thorough gap assessment, and developing fully customized policies and procedures designed to be HITRUST compliant.

Reduce remediation efforts and time to 12 WEEKS in most instances, using automated compliance-as-code packages, 30 days of expert AWS technical guidance and security engineering services, and hands-on AWS support configuring AWS services, and to fast-track the collection of evidence ahead of the Validated Assessment to minimize burden and audit fatigue on compliance teams.

Validate the environment with confidence, including end-to-end support during HITRUST QA, Corrective Action Plan creation, and report finalization.

About Coalfire

Leading technology infrastructure providers, SaaS companies, and enterprises – including the top-five cloud service providers and eight of the top-10 SaaS organizations – rely on Coalfire to strengthen their security posture and secure their digital transformations. As one of the largest firms dedicated to cybersecurity, Coalfire delivers a comprehensive suite of advisory and managed services, spanning cyber strategy and risk, cloud security, threat and vulnerability management, application security, privacy, and compliance management. A proven leader in cybersecurity for the past 20 years, Coalfire combines extensive cloud expertise, advanced technology, and innovative approaches that fuel success.


PLATFORM SECURITY

BT launches transformational new security platform, Eagle-i, to predict and prevent cyber attacks

Relentless growth and ever-changing nature of the threat landscape dictates a new, proactive approach to cyber security

Customers to benefit from advances in AI and automation, combined with BT's networking expertise, in transformational cyber defence platform

Eagle-i builds on BT's recent security investment and partner ecosystem to address issues such as a more than 50 per cent increase in malware traffic over the last 6 months

Business and public sector bodies continue to face an exponential growth in the volume and complexity of cyber attacks, with new research from BT identifying a more than 50 per cent increase in malware traffic over the last six months. Alongside a global shortage of skilled security professionals, organisations around the world are struggling to keep a lid on evolving cyber threats and maintain their defences.

In response, BT is launching its most sophisticated cyber defence platform yet — Eagle-i. It combines BT's industry-leading network insight with advances in AI and automation to predict, detect and neutralise security threats before they get a chance to inflict damage. The platform has been designed to self-learn from the intelligence provided by each intervention, so that it constantly improves its threat knowledge and dynamically refines how it protects customers across a multi-cloud environment.

Eagle-i will utilise an AI layer to provide real-time detection of issues and intelligent automated responses, enabling users to significantly speed up their reaction to security issues and outpace their cyber threats. It is also uniquely able to integrate with technologies from across the security ecosystem so that organisations can both optimise their capabilities and spot any holes in their defences without having to replace existing investments. The platform will underpin how BT protects its global operations and provide phased enhancements and increased functionalities for all BT's managed security services.

"Security is now at the top of the boardroom and government agenda yet many organisations are seeing their cyber risks increase to unmanageable levels. This situation demands a new, proactive approach. Eagle-i leverages the latest advances in AI and automation to continually monitor, learn and evolve so customers can stay a step ahead of cyber criminals."
Kevin Brown, managing director, BT Security

About BT

BT Group is the UK's leading telecommunications and network provider and a leading provider of global communications services and solutions, serving customers in 180 countries. Its principal activities in the UK include the provision of fixed voice, mobile, broadband and TV (including Sport) and a range of products and services over converged fixed and mobile networks to consumer, business and public sector customers. For its global customers, BT provides managed services, security and network and IT infrastructure services to support their operations all over the world. BT consists of four customer-facing units: Consumer, Enterprise, Global and its wholly-owned subsidiary, Openreach, which provides access network services to over 650 communications provider customers who sell phone, broadband and Ethernet services to homes and businesses across the UK.


DATA SECURITY

Herjavec Group, a Global Cybersecurity Leader, Accelerates Growth with Acquisition of SEGMENTECH

Robert Herjavec, Founder & CEO of global cybersecurity firm Herjavec Group and a leading investor on the Emmy Award-winning show Shark Tank, proudly announces the strategic acquisition of SEGMENTECH, a North American cybersecurity services firm specializing in Identity and Access Management (IAM) & Privileged Access Management (PAM) solutions for enterprise customers. This acquisition further expands and accelerates Herjavec Group's leading IAM practice by adding world-class Privileged Access Management talent, specializing in implementations of CyberArk, a global leader in Identity Security.

"As we have transitioned to a flexible workforce environment, businesses have been forced to accelerate and pivot their digital transformation," said Robert Herjavec. "As a result, CIOs and CISOs are navigating a paradigm shift in cybersecurity, and the way their security environment needs to be set up. IAM and PAM have become foundational to all security programs, to ensure that the right people access the right data, at the right time, for the right reasons. As a result, we are experiencing a tremendous uptick in demand for services to implement comprehensive IAM and PAM programs."

Founded in 2015 by Roy Levy and Boris Zaidfeld, SEGMENTECH is a leading provider of IAM & PAM services and is an expert advisor in DevSecOps and how to secure CI/CD processes. SEGMENTECH supports global enterprise customers through the implementation and expansion of IAM and PAM programs. Both Herjavec and SEGMENTECH are established partners of CyberArk. With this acquisition, Herjavec will further advance its privileged access management practice by putting CyberArk at the core, which enables a security-first approach to decreasing identity-led risk.

"This acquisition strengthens Herjavec Group's position as an Identity and Access Management leader and will benefit organizations seeking to fortify their cybersecurity defenses. CyberArk has strong relationships with both Herjavec and SEGMENTECH. Their commitment to investing in highly trained cybersecurity professionals, especially in the area of privileged access management, combined with expanded access to CyberArk-based Identity Security solutions, will dramatically improve security for our joint customers."
Chris Moore, VP of Global Channel at CyberArk

Herjavec Group and SEGMENTECH customers will benefit from working with highly qualified professionals, including those who have achieved their Guardian certification, the highest level of CyberArk training and a proven track record of capabilities, ensuring enterprises can accelerate, improve, and manage their cybersecurity lifecycle.

About Herjavec Group

Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world's most innovative cybersecurity operations leaders, and excel in complex, multi-vendor environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity and Access Management Services, Managed Security Services, Threat Management, and Incident Response. Herjavec Group operates across the United States, United Kingdom, India and Canada.
