Vulnerabilities in Dell SupportAssist
Researchers discovered four critical security flaws in Dell SupportAssist's BIOSConnect feature, affecting 129 Dell models of consumer and business laptops, desktops and tablets. The flaws allow attackers to remotely execute code in the BIOS of vulnerable devices, of which there are around 30 million.
The researchers uncovered a chain of issues with a CVSS base score of 8.3/10 that allows remote attackers to impersonate Dell.com to take control of the device and bypass security protections.
Dell has released an update to the BIOS/UEFI and should be installed immediately using a different method and not SupportAssist.
Google security update may break shared links
Google will soon be releasing an update to Google Drive to improve security, but it may render previously shared file links useless.
The update is security orientated and in the grand scheme of things, when it comes to securing your data, it's a minor inconvenience to reshare or request access again to those files.
The update rolls out in September 2021, so just be aware if suddenly your Google Drive file links stop working, this is likely the cause.
The iPhone bug that breaks your Wi-Fi
A new iPhone bug has been discovered that disables your iPhone's wireless capabilities just by connecting to a WiFi hotspot named in a particular way.
When the bug is activated, your iPhone will be unable to connect to WiFi, even if it is rebooted or the WiFi hotspot is renamed.
It was actually discovered completely by accident when someone named their Wi-Fi hotspot %p%s%s%s%s%n and connected to it.
This type of bug can be used by attackers but fortunately, there is a fix.
There is an option in settings to reset network settings and doing so fixes the problem.
700 million LinkedIn users data leaked
Not long after LinkedIn suffered a leak back in April of 500 million users, it has happened again. This time 700 million users have had personal information scraped from the popular business social networking platform.
The data stolen includes full names, emails, phone numbers, genders and information about the companies they have worked for or are currently working for.
Such information can be used in phishing so expect an increase of phishing attempts using the stolen LinkedIn data.
Phishing is among the most successful techniques used by criminals to get credentials and steal data, as those without a good understanding of IT or awareness of cybersecurity will fall for it.
You can increase your employee's awareness and ability to spot phishing attempts through training and educational phishing testing. This is something we offer as a subscription service at WV Solutions; we can provide cybersecurity awareness training for your staff and deliver mock phishing emails in a safe and educational way that will improve their ability to identify phishing and protect your valuable data.
Please contact us for a quote!
That's all for now, stay safe.