Friday, January 3, 2025

 DoubleClickjacking is a sophisticated form of clickjacking that exploits a double-click sequence to bypass existing security measures. Here's a brief overview of how it works and why it's concerning:

How DoubleClickjacking Works

  1. Initial Setup: The attacker creates a website with a button that opens a new window.

  2. Prompting Double-Click: When the user clicks the button, a new window opens, prompting the user to double-click.

  3. Manipulating Windows: During the double-click sequence, the attacker manipulates the timing and event sequence to replace or close the top-level browser window.

  4. Unauthorized Actions: The second click unknowingly authorizes a malicious action, such as granting access to sensitive information or authorizing a transaction.

Why It's Dangerous

DoubleClickjacking is particularly dangerous because it can bypass modern web browsers' clickjacking protections by exploiting the brief interval between clicks. This makes it difficult to detect and prevent, leaving many online platforms vulnerable

Real-World Impact

  • Account Takeovers: Attackers can take over user accounts by authorizing malicious applications.

  • Unauthorized Actions: Users may inadvertently change critical account settings or initiate financial transactions.

  • Platforms Affected: Major websites relying on OAuth for account authorization, such as Salesforce, Slack, and Shopify, are vulnerable to this attack.

Wednesday, December 11, 2024

Microsoft Windows Patch Tuesday December 2024

 Microsoft windows Patch Tuesday for December releases patch/fix for 71 vulnerabilities.

Of the 71 fixes one is actively being exploited and another has a CVSS score of 9.8!

Very highly recommended to apply both the December and November patch set for Windows 11 and Windows 10.

Apple released iOS 18.2 and iPad 18.2 today December 11, 2024

This 18.2 iOS and iPadOS 18.2 Update contains 21 Security related updates!

iOS 17.7.3 to address 14 Security flaws

iPadOS 17.7.3 macOS Sequoia 15.2 macOS Sonoma 14.7.2
macOS Ventura 13.7.2 watchOS 11.2 tvOS 18.2 visionOS 2.2




 iOS18.2 feature list

iOS 18.2 brings several exciting new features and enhancements to your iPhone. Here are some of the highlights:

  1. Apple Intelligence Enhancements: This update includes major improvements to Apple Intelligence, such as ChatGPT integration with Siri, allowing for more natural and conversational interactions.

  2. Genmoji: Create custom emojis directly from your keyboard. You can describe the emoji you're looking for, and iOS will generate a new emoji based on your description.

  3. Image Playground: Generate fun and playful images based on text prompts, concepts, and people from your photo library.

  4. Visual Intelligence: Available on iPhone 16 models, this feature uses AI to analyze and understand what's around you through the camera.

  5. Mail App Redesign: The Mail app has been redesigned for improved usability, allowing you to sort emails into multiple categories.

  6. Find My Improvements: New options in the Find My app make it easier to locate lost items and share their location with others.

  7. Volume Slider on Lock Screen: You can now add the volume slider back to your lock screen for easier volume control.

Tuesday, November 19, 2024

Apple Updates November 19, 2024

 Major updates to Apple Products software today. November 19, 2024.

iOS 18.1.1, iPadOS 18.1.1, Sequoia 15.1.1 and others


UPDATE: Apple fixes/updates released today (November 19) address at least 2 vulnerabilities currently being exploited in the wild.
It is highly recommended to apply updates to any and all Apple devices for which updates are available. Initial reports of only Intel based Macs are thought to be untrue.

Details are scarce implying the threat is high. 

Saturday, November 16, 2024

Six US Banks report potential security breaches of debit cards November 15, 2025

 The US banks reporting security breaches of debit cards:
Mainstreet Bank, Savers Bank, The Village Bank, Watertown Savings Bank, Webster Five Cents Savings Bank and Eagle Bank say some debit cards may have been compromised following a security breach at
a merchant's payment card platform.

Breach notification

Says Savers Bank,

“We have been notified by MasterCard International of a suspected security breach of a merchant’s network, transactions that may have compromised some of Savers Bank’s debit card numbers.”

Affected customers at Eagle Bank and Savers Bank will receive new cards automatically.

Webster Five Cents Savings Bank offers fewer details on the source of the breach, but says it’s also issuing mandatory new debit cards.

Watertown Savings Bank is asking customers to be vigilant, issuing new cards upon request.

“The breach included the capture of some of your personal information, such as your name and card number…

…we do ask that you remain vigilant on monitoring your account activity for the next 12 to 24 months and report any unusual or suspicious activity immediately. If you prefer that we issue a new card please contact the bank.”

Mainstreet Bank says the breach occurred “June 28, 2023 through April 26, 2024” and involved personally identifiable or protected data.

Tuesday, October 29, 2024

Yet another Insurance service provider breached - Liberty Bankers Insurance Group.

 Serving American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

Data compromised: names, addresses, dates of birth, social security numbers/tax identification numbers, driver’s license numbers/government-issued ID numbers, financial information such as credit card numbers, and medical and health insurance information.

Persons affected: individuals who at one time were a producer, policy-owner, insured, beneficiary, or payor for insurance policies which Landmark administered, or continues to administer, for Liberty Bankers Insurance Group.

Filings with the Texas and Maine attorneys general indicate 68,000 Texas affected. 

This information gives scammers the ability to provide personal information that allows persons to trust the scammers.

Friday, October 11, 2024

Mozilla Firefox Browser Emergency Update

 Mozilla Firefox browser has issued an emergency update to address a zero-day vulnerability.
 Firefox version 131.0.2 has this security update.
The vulnerability is in the Animation timelines with a CVSS of 9.8


 Mozilla has applied this emergency fix to the Extended Support Release editions of Firefox and the Tor browser.
Firefox ESR 115.16.1, Firefox ESR 128.3.1 and Tor 13.5.7