News
29 Sep 2017

The Friday Tech Takeaway - 29.09.17

 

When does deliberately turning off WiFi & Bluetooth not actually turn them off? One of the really nifty new features of iOS 11 is the easily accessible Control Center that gives quick and customizable access to many system widgets. Among them are the three radios -- Cellular, WiFi and Bluetooth. Unfortunately, it has come to light that "Turning Off" the WiFi and Bluetooth radios from the Control Center, despite the appearance of doing exactly that, doesn't actually do that at all. It simply drops the connections that the device has open... but the radios remain on, alive, and drawing power. https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off

Smartphone GPS soon to jump from 5m to 30cm accuracy: while consuming half the power and operating within urban "concrete canyon" environments. Broadcom is sampling the first mass-market GPS chip, their BCM47755, which has been included in some smartphones slated for 2018 release -- though that's all Broadcom would say. https://spectrum.ieee.org/tech-talk/semiconductors/design/superaccurate-gps-chips-coming-to-smartphones-in-2018

Bank Email Fraud Increases since Equifax Breach: A spate of bogus "secure message" emails purporting to come from financial institutions is making the rounds, following the high-profile Equifax breach, according to a report released today by Barracuda. https://blog.barracuda.com/2017/09/28/threat-spotlight-email-malware-impersonates-secure-bank-messages/

Central banks seek better security on inter-bank payments: Central banks from major economies have suggested steps to advance the security of inter-bank messaging and payment systems, Reuters reports. The Committee on Payments and Market Infrastructures (CPMI) has called for banks to improve security to protect the financial system. http://www.reuters.com/article/legal-banks-regulation-cyber/central-banks-seek-better-security-on-inter-bank-payments-idUSKCN1C328L

Amazon-owned Whole Foods suffers credit card breach: Whole Foods Market—acquired by Amazon for $13.7 billion in late August—disclosed Thursday that hackers were able to gain unauthorized access to credit card information for customers who made purchases at certain venues, such as taprooms and full table-service restaurants, located within some stores. https://thehackernews.com/2017/09/amazon-whole-foods.html

Apple Quietly Patches macOS Security Bypass Vulnerability: Apple appears to have silently patched a vulnerability in macOS that would have allowed attackers to bypass the operating system's built-in file quarantine system and execute malicious JavaScript code. https://www.bleepingcomputer.com/news/security/apple-quietly-patches-macos-security-bypass-vulnerability/

Russia Threatens to Ban Facebook While China Blocks WhatsApp With GFW Upgrade: Russian officials said they are considering a ban on Facebook from the start of 2018 unless the social network is willing to comply with the country's new privacy and user protection rules.

Chinese officials began blocking WhatsApp in mid-July when they managed to stop the sending of files and images and later blocked WhatsApp video calls. https://www.bleepingcomputer.com/news/technology/russia-threatens-to-ban-facebook-while-china-blocks-whatsapp-with-gfw-upgrade/

Internet Explorer Bug Leaks What Users Type in the URL Address Bar: Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in the URL address bar. This includes new URLs the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue. https://www.youtube.com/watch?time_continue=1&v=xyzd7PLqAV8

Proof-of-Concept Exploit Code Published for Remote iPhone 7 WiFi Hack: "The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," says Gal Beniamini, a member of the Google Project Zero security team. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip." https://www.bleepingcomputer.com/news/security/proof-of-concept-exploit-code-published-for-remote-iphone-7-wifi-hack/

Cisco releases security updates for its IOS Operating System: Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over a company’s switches and routers. A closer look at the flaws addressed by Cisco shows that the CVE-2017-12229 vulnerability, which affects the REST API, could be exploited by a remote attacker to bypass authentication and gain access to the web-based user interface of network devices running vulnerable versions of the IOS software. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi