Weekly Security News – 1st January 2024

Welcome to this week’s Security News and a Happy New Year to all of our readers! We hope 2024 has some awesome things in store for you!

If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly. 

Vulnerabilities and Patches

Most Sophisticated iPhone Hack Ever Exploited Apple’s Hidden Hardware Feature

The Operation Triangulation spyware attacks targeting Apple iOS devices have been identified as using unprecedented exploits, allowing them to bypass crucial hardware-based security measures implemented by Apple. Discovered by Russian cybersecurity firm Kaspersky in early 2023, the campaign is described as the “most sophisticated attack chain” observed by Kaspersky to date. The attacks, believed to have been active since 2019, signify a high level of sophistication in cyber espionage, raising concerns about the capabilities of threat actors to circumvent even advanced security protections on iOS devices.

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor, named Xamalicious by the McAfee Mobile Research Team, has been identified, possessing powerful capabilities to execute various malicious actions on infected devices. The malware is developed using the Xamarin open-source mobile app framework and exploits the accessibility permissions of the operating system to achieve its goals. Xamalicious is capable of collecting metadata about the compromised device and establishing contact with a command-and-control (C2) server to retrieve a second-stage payload. However, it only proceeds with this action after ensuring that the device meets specific criteria. The discovery highlights the ongoing challenges in Android security and the need for vigilance against sophisticated threats.

Cyber Attacks

Major Cyber Attack Paralyzes Kyivstar – Ukraine’s Largest Telecom Operator

Ukraine’s largest telecom operator, Kyivstar, has fallen victim to a “powerful hacker attack,” resulting in disruptions to customer access for mobile and internet services. The cyberattack has had a widespread impact across all regions of Ukraine, with a notable effect on the capital. According to NetBlocks, the disruption has also led to knock-on impacts on the air raid alert network and the banking sector. Kyivstar, owned by the multinational telecommunications company VEON, serves nearly 25 million mobile subscribers and over 1 million home internet customers. Efforts are underway to restore connectivity and address the consequences of the cyber incident.


iPhone 0-click spyware campaign ‘Triangulation’ detailed

Researchers have revealed additional details about a sophisticated campaign involving full-featured spyware targeting iPhones. The complex exploit chain used four separate vulnerabilities, and notably, the zero-click attacks made use of a flaw in an undocumented Apple hardware security feature. This flaw allowed attackers to manipulate the contents of secure memory, leading to the complete compromise of iPhones and potentially other Apple devices. The disclosure sheds light on the advanced techniques employed by threat actors to compromise iOS devices, emphasizing the importance of ongoing security measures and updates to protect against such sophisticated attacks.

Hackers see wealth of information to steal in children’s school records

The education community, which includes students, teachers, parents, staff, and all those associated with it, is facing a dual challenge. Alongside the persistent threats to physical safety, there is a growing issue of non-lethal threats that have significant impacts. These could include various forms of cyber threats, harassment, and other challenges that, while not directly endangering lives, can have substantial consequences for the well-being and functioning of the educational system. The multifaceted nature of these threats underscores the importance of addressing both physical and non-physical safety concerns within the education sector.

NASA launches cybersecurity guide for space industry

NASA has released its inaugural Space Security Best Practices Guide, a 57-page document aimed at improving cybersecurity for upcoming space missions. The guide addresses concerns regarding the increasing threats posed by hackers to satellite networks and other space initiatives. In August, the FBI, the National Counterintelligence and Security Center, and the Air Force Office of Special Investigations issued warnings about foreign intelligence entities using various measures, including hacking campaigns, to infiltrate and undermine the space industry. The guide from NASA reflects a proactive approach to enhance security practices and protect space missions from cyber threats.