News & Notes: July 27, 2021

• Apple Issues Patches for CVE-2021-30807
  • Just about a week after Apple issued a series of patches for macOS, iOS & iPadOS devices, yet another series of patches has been released this week.
  • Yea Ching, ISC Handler (Twitter: @poppopretn) posted a diary alerting us to this new bug discovered by an anonymous researcher.
  • The issue revolves around the IOMobileFrameBuffer.
    • ”This update resolves an issue with IOMobileFrameBuffer which could allow an application to execute arbitrary code with kernel privileges. This issue may have bee actively exploited.”
  • For macOS Big Sur 11.5.1:
    • IOMobileFrameBuffer
    • Available for: macOS Big Sur
    • Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30807: an anonymous researcher
  • For iOS 14.7.1 and iPadOS 14.7.1:
    • IOMobileFrameBuffer
    • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
    • Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30807: an anonymous researcher
  • Apple Link1; Link2;

• No More Ransom saves almost €1 billion in ransomware payments in 5 years via Bleeping Computer

• There’s almost certainly a spy in your office – it could even be you via Tech Radar

• Relentless cyber attacks are putting financial pressure on hospitals: Fitch Ratings

• House panel advances slate of cybersecurity bills

• How Google Cloud plans to kill its ‘Killed By Google’ reputation
  • Quote: Starting Monday, Google will designate a subset of APIs across the company as Google Enterprise APIs, including APIs from Google Cloud, Google Workspace and Google Maps. APIs selected for this category — which will include “a majority” of Google Cloud APIs according to Kripa Krishnan, vice president at Google Cloud — will be subject to strict guidelines regarding any changes that could affect customer software built around those APIs. “It is built on the principle that no feature may be removed or changed in a way that is backwards incompatible for as long as customers are actively using it,” Krishnan said. “If a deprecation or breaking change of an API is unavoidable, then we are saying that the burden is on us to make the experience as effortless and painless as possible to our customers.”

• Officials who are US allies among targets of NSO malware, says WhatsApp chief

• Facebook and tech giants to target attacker manifestos, far-right militias in database

• The F.T.C. asks for an extension to refile its Facebook antitrust suit.

• Google publishes detailed timeline for Privacy Sandbox rollout in Chrome

• Software company’s unveiling of decryption key comes too late for many victims of devastating ransomware attack

• The threat of single vendor security is too high to ignore

• How to empower and prepare the next generation of cyber professionals

• Cybersecurity Isn’t Real, Right? Wrong!

• Florida’s unemployment site hacked, 57,000 accounts involved in data breach

• Servers & Storage Week: Six key trends shaping data management
  • “It’s estimated that 90% of data is never accessed again 90 days after it is stored. Not only does this unnecessary data fill already-saturated storage systems, it becomes a liability requiring ongoing management.”

• Google launches new Bug Hunters vulnerability rewards platform