Roberto Escobar Sues Apple for $2.6B Over iPhone Security

· Andrew Orr · Link

Generic image of lawsuit

Roberto Escobar, brother of Pablo Escobar, is suing Apple for US$2.6 billion. He claims someone hacked his iPhone and found his email through FaceTime. As a way to fight the company he’s also launching a limited edition iPhone 11 Pro 256GB, gold plated, for US$499.

According to the lawsuit, obtained by TMZ, Pablo’s brother bought an iPhone X back in April 2018, and he claims the security promise fell horribly flat. One year after buying the X, Roberto claims he got a life-threatening letter from someone named Diego, who said he found Roberto’s address through FaceTime.

In the suit, Roberto says he conducted his own investigation after receiving the letter, and found his iPhone had been compromised due to a FaceTime vulnerability.

Go to Settings > FaceTime. You can choose which address and phone number you let people contact you with, if you have multiple numbers and emails associated with your Apple ID. This won’t stop people from obtaining your address elsewhere.

Zerodium Pauses Purchases of iOS Exploits

· Andrew Orr · Link

Image of locks to suggest security and encryption

Zerodium is temporarily suspending its purchasing of iOS exploits due to a high number of submissions, with the CEO saying ”iOS security is f**ked.”

Zerodium is an exploit acquisition platform that pays researchers for zero-day security vulnerabilities and then sells them to institutional customers like government organizations and law enforcement agencies. The company focuses on high-risk vulnerabilities, normally offering between $100,000 and $2 million per fully functional iOS exploit.

Lazarus Group’s Dacls RAT Affects Macs for the First Time

· Andrew Orr · Link

Alert symbol of an exclamation point inside triangle

Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.

We believe this Mac variant of the Dcals RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

The conclusion I’m drawing is that it’s unlikely to affect most Mac users.

Hacker Bribed Roblox Insider to Access Kids’ Data

· Andrew Orr · Link

Roblox logo

Motherboard reports that a hacker had bribed a Roblox insider to access the data of over 100 million users.

“I did this only to prove a point to them,” the hacker told Motherboard in an online chat. Motherboard granted the hacker anonymity to speak more candidly about a criminal incident.

Beyond just viewing user data, the hacker was able to reset passwords and change user data too […] The hacker said they changed the password for two accounts and sold their items. One of the screenshots appears to show the successful change of two-factor authentication settings […]

Proving a point my a**. This person tried to claim a bug bounty from Roblox. They denied it because he/she acted “more maliciously than a legitimate security researcher.” He messed with the accounts after denial, so his point was revenge.

Update: A Roblox spokesperson informed me that only a small amount of customers were affected, not 100 million, and immediate action was taken to address the issue. Additionally, it was a Roblox insider and not an employee.

Zoom Security Tips – TMO Daily Observations 2020-04-28

· Kelly Guimont · The Mac Observer's Daily Observations Podcast

TMO Daily Observations Podcast Logo

Charlotte Henry joins host Kelly Guimont to discuss newly everywhere meeting service Zoom, and how hosts and attendees can stay safe.

Netatmo Smart Indoor Security Camera Patched After Security Issue Found

· Andrew Orr · Link

Netatmo Smart Indoor Security Camera

Following an investigation by PCMag and Bitdefender, a patch has been issued for the Netatmo Smart Indoor Security Camera.

The Bitdefender IoT Vulnerability Research Team discovered that the device is susceptible to an authenticated file write that leads to command execution (CVE-2019-17101), as well as to a privilege escalation via dirtyc0w—a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel’s memory-management subsystem.

Many smart home devices are notoriously insecure, and this is the main reason why I don’t have any of them (Besides my robot vacuum, but I explained my reasoning).

Change Your Linksys Smart Wi-Fi Password Now

· Andrew Orr · Link

Alert symbol of an exclamation point inside triangle

Linksys Smart Wi-Fi customers are being asked to change their passwords after hackers hijacked some accounts and changed router settings to direct users to malware sites.

The company decided to lock accounts and prompt a password reset because it couldn’t detect which accounts were hacked and which were not, and decided to act on all.

“Linksys is doing everything we can to make it tougher for the bad guys. But there are no guarantees,” Linksys said.

Russia Implicated in BGP Hijacking Incident This Week

· Andrew Orr · Link

Russian hacker in front of Russian flag

Russian telecom company Rostelecom is implicated in a BGP hijacking incident which rerouted network traffic from Akamai, Amazon, Facebook, Google, and others.

BGP stands for the Border Gateway Protocol and is the de-facto system used to route internet traffic between internet networks across the globe…

BGPMon founder Andree Toonk is giving the Russian telco the benefit of the doubt. On Twitter, Toont said he believes the “hijack” happened after an internal Rostelecom traffic shaping system might have accidentally exposed the incorrect BGP routes on the public internet, rather than Rostelecom’s internal network…

But, as many internet experts have also pointed out in the past, it is possible to make an intentional BGP hijack appear as an accident, and nobody could tell the difference.