/ 02.01.19 / Alan Hernandez

Weekly Cybersecurity Report - FaceTime Vulnerability Allows Eavesdropping


FaceTime Group Call Bug Allows Users to Eavesdrop On Their Friends

darkreading.com - Author: Kelly Jackson Higgins - Date: January 29th, 2019

A glaring security flaw that was discovered earlier this week has sent waves across the Apple community. The vulnerability allows a Group FaceTime caller to access another user's microphone while the call dials. There have even been reports of users being able to actually see the other user through their camera without them picking up. This vulnerability showcases how even a company like Apple, known for the advanced security features in its software, can miss security issues in its products even after testing.


Possible Record Breaking DDoS Attack Exceeds 500 Million Packets Per Second

darkreading.com - Author: Jai Vijayan - Date: January 30th, 2019

Earlier this month Imperva, a security vendor, mitigated an attack against one of its clients that exceeded a whopping 500 million packets per second! This attack would possibly be the largest DDoS attack by packet volume ever recorded. The attack was carried out using a method called a ‘SYN flood’, in which the attacker attempts to overwhelm a target computer by sending it a large number of TCP connection requests before the targeted machine has time to process them.


US Authorities Notify Victims of North Korean Joanap Botnet Malware

infosecurity-magazine.com - Author: Phil Muncaster - Date: January 31st, 2019

US authorities have begun notifying victims of a notorious North Korean botnet, Joanap. A court order allowed the FBI and officers from the US Air Force Office of Special Investigations to operate servers posing as peers of the botnet in order to map out how extensive the botnet is. They are then notifying the owners of the infected machines that their machines have been compromised; most of those owners have no idea that they were unwittingly aiding a foreign power’s hacking campaign. The Joanap botnet has been up and running since 2009, and mostly targets poorly secured Windows machines.


‘Total Donations’ WordPress Plugin Has No One To Legitimately Patch Security Vulnerability

infosecurity-magazine.com - Author: Kacy Zurkus - Date: January 29th, 2019

The WordPress plugin ‘Total Donations’ has reportedly been compromised by attackers who are leveraging a zero-day exploit to gain administrative access to affected WordPress sites. All versions of the Total Donations plugin are reported to be affected. To make matters worse, the creators of Total Donations cannot be reached to provide any fix for the vulnerability. The plugin’s homepage has been in a state of limbo, displaying a “coming soon” page featuring a mockup image of a new website. The upload path of the image suggests that the site has been in this state since May of 2018.


Caught on Camera! Professional Thief Steals from Former Olympian

upi.com - Author: Ben Hooper - Date: January 15th, 2019

We get some of the most amazing clips from home-installed security cameras. This week we take a look at how one brazen fox stole one-of-a-kind 2016 Olympic flip-flops from a former Olympian’s front porch in Melbourne, Australia. Check out the video in the link below!


Posted by Alan Hernandez