Hey guys,

Today, I’m going to start sending out a daily roundup of security news from around the world. There are so many new stories and security alerts every day that just sending one alert every day makes no sense, so I’m going to do a roundup towards the end of each day here in Europe with a selection of the top security alerts and news pieces that you need to be aware of.

Let me know what you think about the new format. Ok, let’s get started.

Adobe Patches Critical Flaws in Reader, Acrobat

On Tuesday, software maker Adobe documented 35 security vulnerabilities in a wide range of products and urged users to pay immediate attention to critical severity bugs in its widely deployed Adobe Acrobat and Reader programs. As part of its scheduled batch of Patch Tuesday updates, Adobe patched a dozen security bugs in Acrobat and Reader and labeled several issues that expose users to code execution attacks as critical-severity.

Action for you: If you are a user of any Adobe products, make sure you update now, especially Adobe Reader.

Read more here: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

A recent report from SonicWall’s threat researchers has uncovered a concerning trend of malicious applications masquerading as reputable ones like WhatsApp, Instagram, and Snapchat. These fraudulent apps contain malware capable of seizing full control of your system and pilfering personal data. Vigilance is crucial when downloading applications to mitigate the risk of falling victim to such deceptive tactics.

Action for you:  Only download applications from one of the official application store such as Google play or the Apple App Store. Downloading from any third-party applications or stores is simply crazy as you can be nearly guaranteed that the applications will contain malware.

Read more here: https://blog.sonicwall.com/en-us/2024/04/android-remote-access-trojan-equipped-to-harvest-credentials/

Hacker claims to have stolen Dell customer data. 

A hacker named Menelik has taken responsibility for two recent data breaches targeting PC maker Dell. In the first breach, Menelik accessed a Dell online portal, stealing customer names, physical addresses, and order details. The second attack targeted a different portal, resulting in the theft of customer names, phone numbers, email addresses, and service reports. 

Actions for you: 

  • Utilize a password manager to generate and remember complex passwords, ensuring they’re unique for each account. Change compromised passwords immediately with robust replacements.
  • Implement 2FA using authenticator apps or physical security keys to add an extra layer of protection to your accounts, making them harder to breach.
  • Be cautious of potential phishing and spoofing attempts targeting your personal information obtained from data breaches. Monitor your emails and phone for suspicious activity.
  • Regularly check your credit reports from major services like Experian, Equifax, and TransUnion to detect any unauthorized activity. Consider freezing your credit to prevent fraudulent accounts or loans being opened in your name.

Read more here: https://www.zdnet.com/article/hacker-claims-to-have-stolen-dell-customer-data-heres-how-to-protect-yourself

WPS Office For Android Vulnerability Puts Over 500 Million+ Users At Risk

WPS Office is an office suite that is used by millions of people around the world as an alternative to Microsoft office and Google workspace. If you are user of the system you need to update it immediately as a critical vulnerability has been discovered. This vulnerability affect android users and if exploiters on your system could give a remote attacker full access to your device. 

Action for you:  Make sure you get the updated to version 17.0.0 for Android

Read more here: https://vuldb.com/?id.263932

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

It seems to be the week of zero day vulnerability is! Both Google and Apple issued fixes this week for actively exploited zero days and today it is Microsoft turn! The tech giant have issues patches for 61 flaws but two of these are critical so please make sure all of your Microsoft products are up-to-date.

Action for you: Update any Microsoft product you have.

Read more here: https://msrc.microsoft.com/update-guide/releaseNote/2024-May

Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android

Google and Apple are rolling out an anti-stalking feature for Android 6.0+ and iOS 17.5 that will issue an alert if someone is using a gadget like an AirTag or similar to clandestinely track the user. Basically, if someone places a hidden tracking tag in your bag, car, or something else that you take with you, and your phone or tablet detects that unpaired Bluetooth-based tag as you move around, it’s a clear sign someone’s trying to stalk your location using the secret tag, and your own device will alert you to it.

Action for you: Ensure you get the updated protection by ensuring your devices are up to date.

Read more here: https://www.theregister.com/2024/05/14/android_apple_devices_anti_stalking/

If you have any questions or need any support at all, let our privacy care team know. We are here for you 24 hours a day, seven days a week, 365 days a year.

All the best,
Stephen McCormack 🙂