| You probably associate information security with desktops and laptops, business computers, and servers in datacenters. Too often, we assume that our mobile devices are inherently more secure, probably because of how we interact with them. But this week’s security news includes warnings for iPhone and Android users. Just a reminder that no one is safe.
First, if you haven’t updated iOS, it’s time to do so. Earlier this week, we reported that iPhone users running iOS 18.4 to 18.7 are vulnerable to the “DarkSword” attack, which can collect personal data, steal it, and clean up behind itself within minutes. Security researchers have been warning about the attack since last November, because so far it’s been used largely as targeted malware by Russian state actors against Ukrainian iPhone owners. That said, it won’t be long before it’s used against others since it’s already in the wild.
Android users, you don’t get a break. If you’re a VPN user (and you should be), your VPN could be broken on your phone, and notable providers like Proton, Mullvad, TunnelBear, and others have been trying to get Google to fix it for months now. In short, updates from the Google Play Store prevent a VPN from working in the background as it should, leading the connection to drop, causing the user to assume their VPN isn’t working properly and to blame the service. Google acknowledged the issue but hasn’t done anything about it, likely because it doesn’t affect all VPN users. That said, Proton recommends reinstalling your VPN app manually if you run into the problem, so keep that in mind. While you’re at it, check out our VPN power user tips to boost your protection.
In other security news, hackers hit identity protection company Aura this week, making off with over 900,000 records of its users. It’s bad news whenever a security firm is breached, but in this case the situation is pretty familiar: one user’s business account was compromised through a phishing attack, and while company admins shut down the hacker’s access after about an hour, they still managed to get away with a lot of information, mostly names, phone numbers, email addresses, and customer service records. That data has already been spotted on the dark web, posted by a name you might recognize: ShinyHunters, the same ransomware gang that’s breached Grubhub, Google, and Pornhub, among others.
That’s a lot of hacks and vulnerabilities, and before we take a look at what else is going on around the web, here’s a reminder that the PCMag security team will be at the RSAC security conference next week, so expect even more news from the event. Here’s what we’re looking forward to seeing when we get there.
Until then, let's take a look at everything else that happened this week. |