Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2iOS 17.7.2 and iPadOS 17.7.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121754.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.JavaScriptCoreAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to arbitrarycode execution. Apple is aware of a report that this issue may have beenactively exploited on Intel-based Mac systems.Description: The issue was addressed with improved checks.WebKit Bugzilla: 283063CVE-2024-44308: Clément Lecigne and Benoît Sevens of Google's ThreatAnalysis GroupWebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to a crosssite scripting attack. Apple is aware of a report that this issue mayhave been actively exploited on Intel-based Mac systems.Description: A cookie management issue was addressed with improved statemanagement.WebKit Bugzilla: 283095CVE-2024-44309: Clément Lecigne and Benoît Sevens of Google's ThreatAnalysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7.2 and iPadOS 17.7.2".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmc9JGcACgkQX+5d1TXaIvqaMhAArOKmA61hgLNGofjznuKQo6Jc42iPl7a/ZiB2Tq5ynZKPIGmGiM3HdJQ8bbifOgpkmNcA3h1OUlXnnkbdehq6d8MzI9WSn6uHdgWZ5LqLMXOWgsEF5Hwwmm7zaqTaqMv4fV2J6w2wTcoL5XptxGXiEi37/GzcureD3hvL+nRAAzR6c/gRXmcEjGL7pVTNJA0C8VyY9kG+Uc7ia2m5Riux2jsYzWYppPfCwUFeo3bQDexG7WsiHa00OZN+HkNS5/1t/7hftJZ+w/PbVnEK23Dm962NQgCrcFKGnbjNGJQlIjl+xfbi6BuQ6lJJZAI+3WqPHXLAMCcae/DfERqXWnJu8fTMfCwCbQVx185Cih+mtH0oc4MtPtiZdhi8TxZpVGZHYjLJa9VANTrNzkAmFflnhAC4tAG2FXx3ld3t/8u9Fhv0oyTa5HlzVYJ/WJgK32eT7I1h7Oqrp49KZcMIM8H6ZwNXYOI+Rf7GXdEN2y9Qhb+IOvdilTrCTpzRl6Gu6fBwH0G0UGHRktnBPlryJdOg26J1iVBZg6/K/CSjQizWdDXN/Nq4YwI17Eq4HtFdtOtrs5n0bDz+fsfGbsieTyUz1BUet2xLzPECfD4nYEKmckD1d/dRylc3vK9YGOCp1nWDoPSKnmkU9Il2SFAIuEM9o60lCN7PMWBrC9zYXMAxFmY==+VKC-----END PGP SIGNATURE-----

Apple Security Advisory 11-19-2024-4

Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1iOS 18.1.1 and iPadOS 18.1.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121752.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.JavaScriptCoreAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to arbitrarycode execution. Apple is aware of a report that this issue may have beenactively exploited on Intel-based Mac systems.Description: The issue was addressed with improved checks.WebKit Bugzilla: 283063CVE-2024-44308: Clément Lecigne and Benoît Sevens of Google's ThreatAnalysis GroupWebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to a crosssite scripting attack. Apple is aware of a report that this issue mayhave been actively exploited on Intel-based Mac systems.Description: A cookie management issue was addressed with improved statemanagement.WebKit Bugzilla: 283095CVE-2024-44309: Clément Lecigne and Benoît Sevens of Google's ThreatAnalysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 18.1.1 and iPadOS 18.1.1".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmc9JA8ACgkQX+5d1TXaIvrGzw/+PXf2fGgzCN5of6OYK0sWiJRRLZoL0uSZ9dOaD7I0/CyAx91Mv4OyH9Vveo9k84ZABNk4IO401WWLM8XSRSVILTcskT+SdXZrtOMYvmtUHUPKI35OWf1GBFdkgfnnFSRYf/B+WWb4PV0iO01lyFQVU5qDLcrUCAUQLwighfAX2yEn+Zml3NX6i2E5o2Rhc93Nac5a2cIcOGOSKrwsor0sh8NkAl9DcyPW6i6K3t59lUjiUY9XZQtEi6AyrChA84mo6Hb8wLwVIY17b8LVuruOSn3xg+Cc5eO5bOXp1O5lnR3dhuiZ2bl5BKawrp8+MDRsBZuTPS0k2Di3rmzuZ/GnvaQdtQKhcbOQ7tWW6evk/8TnFwlULaCr26OVbuLj0NWJ7GJYWpPuRWO0lFy9z9Fjdk4n+ptA7qmSWrhbdl+/uwUxJA5X58pVRWeWBExGP3S/ST/5YgAfZXBjHuDLiHKMOtQ3PktaMuEWhLFgGXNllXGQDihL4lS/XUQ1/E+mpWyY+kAbjtmCYlpez5MgeLkVv66yEWhOhsBMNIM+jkkRjktJo2SfhJMSryNLQlY37zn/VWf8Av+L60YoZhoMmx7DJLIr+HI257zbIE35CVZ+badn18d3eA+fq3RPtsDD8nlUePyZeNhEvc30Y5hXsIyK+Z0Ny+JgJfP1E6BeAJjjci0==ifwz-----END PGP SIGNATURE-----

Apple Security Advisory 11-19-2024-3

PRESS RELEASE

TEMPE, Ariz. and PRAGUE, Nov. 21, 2024 /PRNewswire/ -- Norton, a leading Cyber Safety brand of Gen™ (NASDAQ: GEN), has launched the new Norton Small Business Premium, an all-in-one, easy-to-use cybersecurity plan specifically designed for entrepreneurs and small businesses. In addition to powerful device security, Norton Small Business Premium features 24/7 Business Tech Support, Financial Monitoring, Social Media Monitoring and more.

"More than half (56%)\* of small business owners report that cybersecurity threats impact their business. Unfortunately, not enough of these entrepreneurs and small businesses have cybersecurity in place, often due to their cost and complexity," said Leena Elias, Chief Product Officer at Gen. "Norton Small Business Premium not only takes the work out of securing your business, we also help when other IT issues crop up."

Cybersecurity is crucial for businesses to protect their sensitive data, networks, and digital assets from cyberthreats that can lead to unauthorized access to company networks, data breaches, financial losses, and reputation damage. To help protect businesses where they need it most, Norton Small Business Premium includes features such as:

*   24/7 Business Tech Support: Subscriptions include access to Norton experts five time as year. These experts are available 24/7 for remote IT support on your devices, network, and software.
    
*   Financial Monitoring: Get alerts so you can act quickly if we detect suspicious transactions on your company's bank accounts.   
    
*   Social Media Monitoring: Prevent your business social media profiles from being taken over by regularly monitoring for suspicious activities on your accounts. 
    
*   Device Security: Real-time antivirus helps protect your devices, and our firewall\* helps block cybercriminals from accessing your network.
    
*   Secure VPN: Work online and access websites more safely at home or on the go with bank-grade VPN encryption.
    
*   Additional features include Password Manager, Cloud Backup, performance enhancements and more.
    

Norton Small Business Premium doesn't require an IT specialist or cybersecurity knowledge to use. It's easy to install and runs seamlessly in the background on Windows, Mac, Android, and iOS, allowing you to focus on your business without slowing down operations. 

Norton recommends 10 tips for small business Cyber Safety: 

1.  Learn to spot signs of phishing and teach your employees
    
2.  Only click links or download attachments from known sources
    
3.  Avoid sharing personal information or private company data over email
    
4.  Always keep your operating system, applications, and drivers up-to-date
    
5.  Make sure your WiFi network is protected with a strong password
    
6.  Regularly back up your data
    
7.  Require employees to use a VPN when doing company work on a public WiFi network (think airports and coffee shops)
    
8.  Always use multi-factor-authentication for an extra layer of protection
    
9.  Don't neglect mobile devices – make sure they are password protected and use security software
    
10.  Invest in a cybersecurity solution such as Norton Small Business Premium
    

Norton Small Business Premium is available now with prices starting at $299.99/year with options for 6, 10 or 20-device plans. For more information, please visit norton.com/products/small-business.

About Norton   
Norton is a leading Cyber Safety brand of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom through its family of trusted consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner. Gen empowers people to live their digital lives safely, privately, and confidently today and for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy and identity protection to more than 500 million users in more than 150 countries. Learn more at Norton.com and GenDigital.com.

You May Also Like

Norton Introduces Small Business Premium for Business-Grade Security

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

Akhil Mittal, Senior Manager, Black Duck Software

November 21, 2024

6 Min Read

Source: Brain light via Alamy Stock Photo

COMMENTARY

Despite massive investments in cybersecurity, breaches are still on the rise, and attackers seem to evolve faster than defenses can keep up. The IBM "Cost of a Data Breach Report 2024" estimates the average global breach cost has reached a staggering $4.88 million. But the true damage goes beyond the financial — it's about how quickly your organization can recover and grow stronger. Focusing only on prevention is outdated. It's time to shift the mindset: Every breach is an opportunity to innovate. 

**Turning Breaches Into Opportunities**

Breaches are no longer theoretical. They're happening right now — AI-powered hacks, supply chain vulnerabilities, and social engineering make them inevitable. IBM's report shows that 83% of organizations faced multiple breaches last year. One retail client I worked with had the same mindset: focusing on prevention and detection alone. But after facing multiple breaches, the company flipped its approach — each breach became a learning opportunity. Instead of panic, the company built resilience.

**Strengthening Defenses After Each Breach**

Organizations need to shift from asking, "How do we stop breaches?" to "How do we get stronger from breaches?" Here are five strategies that I've seen make a significant impact: 

**1\. From Breach to Micro-Incident **

Not every breach needs to be a disaster. By treating breaches as micro-incidents, you can contain the damage and quickly move forward. With network segmentation and behavioral analytics, threats can be isolated and stopped from spreading. One financial client cut its recovery time by 50% by adopting self-isolating networks. When suspicious activity was detected, the network kicked into action, isolating the threat and stopping its spread. 

**2\. Stress Test Daily **

Running breach simulations once or twice a year is no longer enough. Leading organizations are stress-testing their defenses daily. This goes beyond testing — it's about actively rehearsing for real-world scenarios, ensuring your teams are battle-ready. Think of it like chaos engineering: You aren't just hoping for the best. You're deliberately looking for weaknesses so you can fix them before attackers find them. This approach helped another client find multiple weak points that were missed in its regular annual penetration tests. 

**3\. Minimize Human Intervention **

When a breach hits, speed is everything. Self-healing systems powered by AI automatically isolate compromised systems and begin repairs without the need for human intervention. One of my e-commerce clients cut its recovery time in half with self-healing technology. Its teams could stop putting out fires and focus on strategic long-term improvements. 

**4\. Adaptive Defense **

Every breach is an opportunity to learn and improve. One of the financial clients created a feedback loop that used AI-powered systems to analyze each breach. Machine learning models adapted defenses, spotting patterns in the attacks, adjusting firewall rules, and fine-tuning detection algorithms. Gartner predicts that by 2026, 30% of enterprises will automate more than half of their network activities, using AI to detect and respond to threats in minutes. 

**5\. Collective Defense **

No one fights cyber threats alone. A healthcare consortium I know began sharing real-time threat intelligence with other organizations. This collective defense approach helped it detect and stop attacks faster. Participating in networks like Information Sharing and Analysis Centers (ISACs) or using platforms like MITRE ATT&CK can boost defenses across industries by pooling insights and data. 

**Cybersecurity as a Competitive Advantage**

Resilience is the new competitive advantage. You can't prevent every breach, but how quickly you respond is what sets you apart. Accenture found that 87% of consumers trust companies that handle breaches with transparency and resilience. It's not the breach itself that builds trust, of course — it's how you respond. 

In industries like finance, healthcare, and technology, resilience not only helps you recover but also fosters customer loyalty. As cyber threats become more global, regulations like GDPR in Europe demand fast, transparent responses. In the Asia-Pacific region, rapid digital transformation is creating new attack surfaces. Wherever your business operates, resilience is key to success.

**Actionable Steps for CISOs**

Here's how chief information security officers (CISOs) can turn breaches into growth opportunities: 

*   Run continuous breach simulations: Make breach simulations part of your daily routine. Simulate phishing, ransomware, and supply chain attacks to identify vulnerabilities before real attackers exploit them. Leading companies, inspired by chaos engineering, run controlled breach tests every day, treating each one as an opportunity to fine-tune their incident response plans. 
    
*   Adopt self-healing systems: AI-powered self-healing systems minimize downtime by automatically detecting and isolating compromised systems, ensuring your business keeps running. With 24/7 monitoring tools, you can spot unusual behavior fast, allowing your teams to focus on strategic initiatives instead of reactive firefighting. 
    
*   Leverage AI-driven threat intelligence sharing: Join intelligence-sharing networks like ISACs to collaborate with peers. Real-time threat data allows organizations to stay ahead of emerging threats. Platforms like MITRE ATT&CK help teams analyze adversary behaviors, enabling them to fine-tune defense strategies. 
    
*   Prepare for quantum computing: While quantum computing is still emerging, it could eventually break today's encryption standards. Start preparing now by researching quantum-resistant encryption and staying informed on the latest industry developments. 
    
*   Create a resilience-first culture: Resilience shouldn't just be a buzzword — it must become part of your company's DNA. Encourage your teams to learn from every incident, find gaps in your defenses, and use them as opportunities to build stronger systems. Regularly debrief after breaches to reflect on what went right, not just what went wrong. This helps create a culture of continuous improvement, ensuring that your organization gets stronger after every incident. 
    

Resilience isn't just the CISO's job. CEOs and compliance officers also play crucial roles in aligning the entire organization with resilience strategies. Regulatory frameworks like Europe's General Data Protection Regulation (GDPR) and the US Portability and Accountability Act (HIPAA) demand transparent recovery protocols, and how leadership handles breaches impacts brand trust, shareholder confidence, and customer loyalty.

**Leading With Resilience**

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack. Companies that turn breaches into opportunities for innovation won't just survive — they'll lead. By adopting resilience-first strategies, continuous improvement, and adaptive defenses, your organization can turn security challenges into competitive advantages. 

**About the Author**

Senior Manager, Black Duck Software

Akhil Mittal is a recognized cybersecurity leader with more than two decades of experience in application security, cloud security, and DevSecOps. As a Gartner Cybersecurity ambassador and senior manager at Black Duck Software, he leads key security initiatives, helping global organizations strengthen their defenses against advanced cyber threats. Akhil has worked closely with chief information security officers (CISOs) and executive leadership to align security strategies with business goals, ensuring robust protection across industries. He also contributes his expertise through leading cybersecurity publications and serves as a judge for top industry awards and hackathons. Certified in CISSP and CCSP, his work continues to shape the future of cybersecurity, driving innovation and resilience worldwide.

Cybersecurity Is Critical, but Breaches Don't Have to Be Disasters

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users, including SSNs, personal details, and proof of service. Learn about the incident and its possible impact.

Forces Penpals, a dating service and social network for members of the US and UK armed forces and their supporters since 2002, was found leaking personal details of over 1.1 million registered users.

This issue was identified by Jeremiah Fowler, a prominent cybersecurity researcher recognized for uncovering and advising on securing **misconfigured cloud servers** and databases.

According to Fowler’s **report** for VPNmentor, shared with Hackread.com ahead of its publication on November 20, 2024, the data belonged to Conduitor Limited, which publicly trades as Forces Penpals.

****The Exposed Data****

The analysis revealed that the leaked information included both Personally Identifiable Information (PII) and sensitive images. Additionally, the exposed data contained Social Security Numbers (SSNs) of unsuspecting users. This echoes the August 6, 2024, breach at National Public Data, where a hacker leaked 3.6 billion records from users in the USA, Canada, and the UK, which also included billions of SSNs.

In the case of Forces Penpals, the server exposed the following data:

*   **Images**
*   **Locations**
*   **Full names**
*   **Mailing addresses**
*   **Social Security Numbers**
*   **National Insurance Numbers (Similar to SSN in the UK).**

Fowler noted that the server also contained additional data that should not have been exposed. This included documents such as proof of service, military ranks, the branch of service the individual belongs to, and other sensitive details.

> _“The publicly exposed database was not password-protected or encrypted. It contained a total of 1,187,296 documents. In a limited sampling, a majority of the documents I saw were user images, while others were photos of potentially sensitive proof of service documents.”_  
> 
> Jeremiah Fowler

Screenshot from the exposed data (Screenshot via VPNmentor)

****Current Status****

Forces Penpals has acknowledged the breach, attributing it to a coding error that misdirected documents and left a directory listing publicly accessible. The company has since taken steps to secure the database.

However, it is still unclear whether any malicious actors accessed the exposed information. Forces Penpals has yet to disclose the duration of the exposure or report any signs of suspicious activity.

It is also unclear whether the data was leaked through the website or the company’s iOS and Android apps. Nevertheless, this incident is a reminder for similar services to focus on data security and safeguard their users’ privacy from growing cyber threats.

1.  **Data Leak Exposes Indian Police, Military Biometric Data**
2.  **US military personnel defrauded into losing $822m in scams**
3.  **British Military’s Twitter and YouTube Hacked in Crypto Scam**
4.  **US Military Targeted by Smartwatches Linked to Data Breaches**
5.  **Misconfigured AWS Buckets Expose US Military Spying Campaign**

US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Source: Shahid Jamil via Alamy Stock Photo

Apple has released security updates to address two zero-day vulnerabilities that are under active exploitation in the wild.

The bugs, tracked as CVE-2024-44308 (CVSS 6.8) and CVE-2024-44309 (CVSS 4.3), are, respectively, a vulnerability in JavaScriptCore that could lead to arbitrary code execution; and a cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious Web content.

The bugs affect Apple's iOS, iPadOS, macOS, visionOS, and the Safari Web browser; the company reports that it has addressed them with better checks and improved state management.

Clément Lecigne and Benoît Sevens at Google's Threat Analysis Group (TAG) first discovered and reported the vulnerabilities and, as is customary for the company, Apple did not provide any additional details of reported attacks nor did it offer indicators of compromise (IoCs).

"Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems," Apple stated its advisory for both zero-days, the lone piece of information regarding in-the-wild exploitation attempts.

Those using affected Apple ecosystem products should update to iOS 18.1.1, macOS Sequoia 15.1.1, and  iOS 17.7.2 as soon as possible to avoid compromise.

**About the Author**

Apple Urgently Patches Actively Exploited Zero-Days

People are receiving disturbing emails that appear to imply something has happened to their friend or family member.

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end.

It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves.

A co-worker who received such an email pointed it out to our team. Looking around, I found the first report about such an email in a tweet dating back to February 5, 2024.

With some more information about what I was looking for, I managed to find several more.

There is a great deal of variation between the emails, but we do have enough samples to show you a pattern which looks like this:

Subject: Sad announcement: <First name><Last name>

Sometimes the colon is replaced by the word “from”.

Then a short sentence to pique the reader’s curiosity, which often references photos. Here are some examples:

> “When you open them you will see why I actually wanted to share them with you today”
> 
> “Never thought I would want to share these images with you, anyways here they are”
> 
> “I’m presuming you should remember these two ladies, in that photo”
> 
> “When I was looking through some old folders I found these 3 pics”
> 
> “it wasn’t initially my plan, but I had to change my mind about it”
> 
> “Two pictures that I wanted to share with you. They’re likely to bring a flood of memories to you, as they did to me…”
> 
> “Probably should have contacted you a little bit earlier. Anyways just wanted to keep you updated”

This is then immediately followed by a link. These also follow a certain pattern:

gjsqr.hytsiysx.com

tmdlod.vdicedohf.com

gtfhq.rmldxkff.com

pdbh.ramahteen.com

owwiu.dexfyerd.com

roix.unrgagceso.com

yrlbi.vohdsniuz.com

uqjk.mbafwnds.com

vjdbd.hhesdeh.com

mbjzo.enexoo.com

These domains are all registered with NameCheap and are only active for a few days.

To close the emails off, the scammers end with a quote in the format:

> “You do not find the happy life. You make it.” –  Camilla Eyring Kimball

The sender addresses are spoofed to look like they were coming from family or friends of the target. The actual sender addresses are compromised accounts from all over the world.

The campaign looks to have targeted mainly the US, but I also found some located in Ireland and the UK and some odd ones in India and Italy.

So, the question is, what are they after? The short-lived domains really made it hard for me to figure that out. It took me quite a bit to find a domain that was still active, but then I knew soon enough what the end-goal of the spammers was.

A short chain of redirects sent me to https://niceandsafetystore0990.blob.core.windows[.]net/niceandsafetystore0990/index.html which is now blocked by Malwarebytes Browser Guard.

The blob.core.windows.net subdomains are unique identifiers for Azure Blob Storage accounts. They follow this format:

<storageaccountname>.blob.core.windows.net

Where <storageaccountname> is the name of the specific Azure Storage account. Spammers like using them because the windows.net part of the domain makes them look trustworthy.

The website itself probably looks familiar to a lot of readers: A fake online Windows Defender scan.

The fake Windows Defender site shows that your system is infected with loads of threats.

Funny enough the site claims to be Windows Defender, but uses Malwarebytes’ detection names. For example: Microsoft does not detect the Potentially Unwanted Program which Malwarebytes detects as PUP.Optional.RelevantKnowledge.

Anyway, the website quickly takes up the entire screen, so you have to click or hold (depending on your browser) the ESC button to get back the controls that allow you to close the website.

Now that you have seen the patterns in the email, we hope that you will refrain from clicking the links. The redirect chain can be changed and may be different for your location and type of system. So, there may be more serious consequences than an annoying website.

**How to avoid the “sad announcement” scam**

*   Always compare the actual sender address with the email address this person would normally use to send you an email.
*   Never click on link in an unsolicited email before checking with the sender.
*   Don’t call the phone numbers displayed on the website, because they will try to defraud you.
*   If in doubt, contact your friend via another, trusted method

If your browser or mobile device “locks up”, meaning you’re no longer able to navigate away from a virus warning, you’re likely looking at a tech support scam. If something claims to show the files and folders from inside of your browser, this is another signal that you’re on a fake page. Close the browser if possible or restart your device if this doesn’t work.

Despite the occasional arrests and FTC fines for tech support scammers and their henchmen, there are still plenty of cybercriminals active in this field. Scams range from unsolicited calls offering help with your “infected” computer to fully-fledged websites where you can purchase heavily over-priced versions of legitimate security software.

Unfortunately for some people these warnings may have come too late. So what should you do if you have fallen victim to a tech support scam? Here are a few pointers:

*   Have you already paid? Contact your credit card company or bank and let them know what’s happened. You may also need to file a complaint with the FTC or contact your local law enforcement agency, depending on your region.
*   If you’ve shared your password with a scammer, change it on every account that uses this password. Consider using a password manager and enable 2FA for important accounts.
*   Scan your device. If scammers have had access to your system, they may have planted a backdoor so they can revisit whenever they feel like it. Malwarebytes can remove backdoors and other software left behind by scammers.
*   Keep an eye out for unexpected payments. Be on the lookout for suspicious charges/payments on your credit cards and bank accounts so you can revert and stop them.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 “Sad announcement” email leads to tech support scam 

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

To determine whether your Mac is Intel-based or equipped with Apple silicon, follow these simple steps:

*   Click the Apple icon in the top-left corner of your screen.
*   Select **About This Mac**.
*   Check the information:
    
    *   If you see an item labeled Chip, your Mac has Apple silicon (like M1, M2, or M3).
    
    *   If you see an item labeled Processor, it indicates that your Mac is Intel-based, and the specific Intel processor name will be listed next to it.

**Technical details**

Because Apple does not share details until everyone has had a chance to update, it is hard to figure out what the exact problem is. But there are some things we can deduct from the given information.

The vulnerabilities that Apple says may have been actively exploited on Intel-based Mac systems are:

CVE-2024-44308: a vulnerability in the JavaScriptCore component. Processing maliciously crafted web content may lead to arbitrary code execution. This means that an attacker will have to trick a victim into opening a malicious file containing web content.

JavaScriptCore is the built-in JavaScript engine for WebKit that enables cross-platform development by providing a way to execute JavaScript within native iOS and macOS applications.

CVE-2024-44309: a cookie management issue in the WebKit component was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross-site scripting attack.

**We don’t just report on macOS security—we provide it.**

Cybersecurity risks should never spread beyond a headline. Keep threats off your Mac by downloading Malwarebytes for Mac today.

 Update now! Apple confirms vulnerabilities are already being exploited 

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps.

The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living.

According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by “AI pimping,” it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans.

Elaina St James, an adult content creator who promotes her work on Instagram, said she and other adult content creators are now directly competing with these AI rip-off accounts, many of which use photographs and videos stolen from adult content creators and Instagram models. She said that while there may be other changes to Instagram’s algorithm that could have contributed to this, since the explosion of AI-generated influencer accounts on Instagram her “reach went down tremendously,” from a typical 1 million to 5 million views a month to not cracking a million in the last 10 months, and sometimes coming in under 500,000 views.

“This is probably one of the reasons my views are going down,” St James told us in an interview. “It's because I'm competing with something that's unnatural.”

Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, compiled a list of around 900 accounts that 404 Media reviewed in its investigation. Mantzarlis, who stumbled on one of these accounts while casually using Instagram, said he started researching the AI-generated influencer accounts because it might show us where AI-generated content is taking social media and the internet more broadly, where he sees a “a rising blended unreality.” Mantzarlis believes he could have easily found 900 more accounts and that the only reason he didn’t get more is that Instagram restricted the account he used to scrape the platform.

“It felt like a possible sign of what social media is going to look like in five years,” Mantzarlis said in an interview. “Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad.”

**The Accounts**

Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos.

Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a “virtual model & influencer” or stating “all photos crafted with AI and apps.” The other 40 do not include any disclaimer stating that they are AI-generated.

One of the bigger accounts in the latter category is “Chloe Johnson,” who has a verified account on Instagram and 171,000 followers. This account was deleted by Meta within the past few weeks.

Inside the Booming ‘AI Pimping’ Industry

An Artificial Intelligence model called Daisy has been deployed to waste phone scammers' time so they can't defraud real people.

A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers.

Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up, because Daisy won’t.

Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an “easy” target. Playing on the scammers’ biases about older people, Daisy usually acts as a chatty granny.

According to Virgin Media O2’s press release Daisy has successfully kept numerous fraudsters on calls for 40 minutes at a time. To achieve this “Granny Daisy” will tell the scammers all about her passion for knitting, her cat Fluffy, and provide exasperated callers with false personal information including made up bank details.

The idea behind Daisy is two-fold. Not only does it waste the scammers’ time—time they could have spent defrauding real people—but it also raises awareness, through posts such as this one, that the person you are talking to on the phone could be very different from what you imagine.

Raising awareness about how AI can be used to deceive people is necessary: We’ve reported about how scammers have used AI used to fake voices of loved ones in a “I’ve been in an accident” scam to warn others about the scam.

Virgin Media O2 research learned that 67% of Brits are concerned about being the target of fraud and 22% experience a fraud attempt every single week. The Federal Trade Commission (FTC) received fraud reports from 2.6 million consumers in 2023, with imposter scams the most commonly reported fraud category.

The criminals often pretend to work for your bank or a delivery company that needs a payment before they can deliver a package, with the end goal of the victim disclosing their banking details.

It’s too bad that Daisy can’t intercept the calls from the scammers. For now, the scammers will have to call one of the phone numbers that Daisy answers, which have cleverly been circulated on contact lists known to be used by scammers.

If you’d like to hear Daisy in action here is a video with some actual audio.

Daisy was set up with the help of one of YouTube’s best known scam baiters, Jim Browning. Behind the scenes there are several people that enjoy being a real life time waster, but they can only occupy so many because their time is limited.

We asked Tammy Stewart, one of Malwarebytes’ researchers, who has made it a hobby to waste the time of phishers herself, and she was enthusiastic about the idea of having a “Daisy.” In fact, she’d like to have several and she thinks they could be very effective.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Tag

#ios