Cybersecurity Weekly: Apple flaws, Azure vulnerabilities, hackers buying network access

Infosec_Sam · October 2020

Fifty-five new security flaws were reported in Apple software and services. Researchers find vulnerabilities in Microsoft Azure cloud service. Security staff are being forced to upskill in their own time. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Fifty-five new security flaws reported in Apple software and services

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws meant a bad actor could easily hijack a user's iCloud account and steal all the photos, calendar information, videos and documents, in addition to forwarding the same exploit to all of their contacts.
Read more »

2. Researchers find vulnerabilities in Microsoft Azure cloud service

Two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery attacks or execute arbitrary code and take over the administration server. This enables an attacker to quietly implant malicious phishing pages through Azure Portal to target system administrators.
Read more »

3. Ransomware gangs can buy network access in cyberattack shortcut

For prices ranging between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks across various industries.