InfoSec Dot - Issue #19. 🛡️Temu's Breach Denial | 🍏 Apple Drops NSO Lawsuit | 💥Pager Explosions

In partnership with

Hi there,

Welcome to this Thursday's quick update edition of InfoSec Dot!

Since our comprehensive Monday newsletter, the cybersecurity world has seen several urgent updates. Temu's denial of a significant data breach despite hacker claims, Apple’s strategic retreat from a lawsuit against the infamous NSO Group, and a harrowing attack involving explosive pagers in Lebanon and Syria. Each story is a reminder of the evolving challenges and complexities in our digital world.

Lets get started for this quick update.

For Those Who Seek Unbiased News.

Be informed with 1440! Join 3.5 million readers who enjoy our daily, factual news updates. We compile insights from over 100 sources, offering a comprehensive look at politics, global events, business, and culture in just 5 minutes. Free from bias and political spin, get your news straight.

Join for free today!

🗓️ What’s New

Explosive Pagers in Lebanon and Syria: A Deadly Attack

Hundreds of pagers exploded in Lebanon and Syria, resulting in numerous casualties. These devices, embedded with small explosives, targeted various individuals, including Hezbollah members. The suspected orchestration by Israel highlights significant security concerns regarding supply-chain vulnerabilities in modern conflict zones. Read More (5 Mins)

More on this:

6 Questions About the Deadly Exploding Pager Attacks in Lebanon, Answered

Walkie-talkie explosions spark fresh day of chaos in Lebanon

Liminal Passes Security Audit Post-WazirX Breach

Following the WazirX breach, Liminal underwent an independent security audit by Grant Thornton and confirmed no vulnerabilities in its systems. The review was part of a comprehensive investigation into the security integrity of Liminal's self-custody wallet services, assuring that client transactions remain secure despite external breaches affecting the wider crypto industry. Read More (3 Mins)

Zero-Click Vulnerability in macOS Calendar Exposes Data

A severe zero-click vulnerability was identified in macOS Calendar, enabling attackers to execute malicious code and potentially access iCloud data. Dubbed CVE-2022-46723, the exploit manipulates calendar invites to bypass filename sanitization, allowing file operations outside designated directories. Primarily affecting macOS Monterey 12.5, the flaw was patched in macOS Ventura 13.0, highlighting critical gaps in Apple's sandbox security measures. Read More (4 Mins)

ServiceNow Knowledge Bases Expose Sensitive Data

AppOmni's investigation revealed significant data exposure risks within enterprise ServiceNow instances, primarily due to outdated configurations and misconfigured access controls in Knowledge Bases (KBs). Despite ServiceNow's security updates, over 45% of tested enterprise KBs still inadvertently exposed sensitive data. This widespread vulnerability underscores the critical need for organizations to regularly update their security protocols and understand the configurations that govern KB access. Read More (12 Mins)

Dr.Web Stops Cyber Attack on Its Network

Dr.Web successfully defended against a cyber attack aimed at its network on September 14. The company took immediate action, ensuring that none of its protected systems were affected. All company resources were temporarily shut down for investigations, delaying the release of virus database updates. Dr.Web is now using a specialized Linux tool, Dr.Web FixIt!, to further analyze and manage the aftermath of the attack. Read More (2 Mins)

Temu Denies Data Breach Amid Hacker Claims

Temu, an e-commerce platform, has refuted allegations of a data breach after a hacker claimed to have stolen 87 million customer records. The hacker attempted to sell the data on a cybercrime forum, providing samples as proof. However, Temu has cross-checked these samples against its database and found no matches, asserting that the claims are false and threatening legal action against those spreading the misinformation. Read More (3 Mins)

Apple Withdraws Lawsuit Against NSO Group

Apple has decided to drop its lawsuit against NSO Group, the cybersecurity company known for its spyware. The decision was influenced by concerns that continuing the legal battle would risk exposing sensitive security measures designed to combat spyware. Apple expressed difficulties in obtaining necessary information from NSO and concerns about potential leaks of their anti-exploitation strategies during the lawsuit. Read More (4 Mins)

🔗 Quick Links

• How to Investigate ChatGPT activity in Google Workspace

• How to Make Millions as a Professional Whistleblower

• URL validation bypass cheat sheet

• Microsoft is building new Windows security features to prevent another CrowdStrike incident

• Apple is well on its way to making iPhones theft-proof

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot