It's been a busy end of September and beginning of October, and we wanted to alert you to a few recent security issues impacting Apple, Coinbase, Neiman Marcus Group, and Google Chrome users.
Apple Zero-Day
Apple has issued another set of security updates for select iOS, iPadOS and macOS operating systems, and is advising users to download them as soon as possible. The updates fix a vulnerability we previously told you about in September that impacted other versions of iOS and macOS. The vulnerability allows malicious actors to infiltrate a user's phone or computer, even if the user never clicks a single link.
What Devices Are Affected?
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) running iOS or iPadOS 12.5.4 or earlier.
Mac computers running macOS Catalina.
What To Do About This?
If your device has an update available, update immediately. Here's how:
Mobile Devices: Go to Settings > General > Software Update (Download and Install iOS 12.5.5 or iPadOS 12.5.5)
Mac Computers running Catalina: After ensuring your computer is backed up:
- In the Apple menu in the corner of the screen, click System Preferences.
- Next, click Software Update and select Update for Security Update 2021-006 Catalina.
Coinbase Security Breach
The popular cryptocurrency exchange Coinbase notified affected customers last week of a vulnerability that allowed bad actors to bypass the company's SMS multi-factor authentication, access customer accounts and steal cryptocurrency from those users.
Who Was Affected?
Around 6,000 Coinbase users have been notified of the incident. In order to compromise an account, the bad actors needed a user's:
Email address, password and phone number for the Coinbase account, as well as access to the user's email account.
While it is unclear how the hackers gained access to this information, speculation currently centers around a possible phishing attack.
What Should You Do?
If you've been notified by Coinbase:
Change the password for your email account and Coinbase account as soon as possible.
If you are using SMS-based multi-factor authentication to access your Coinbase account, consider using an authenticator app instead to enhance security.
Neiman Marcus Customer Breach
Almost five million Neiman Marcus and Last Call customers are being notified of a breach that impacted their personal and payment card information. Neiman Marcus immediately jumped into action by notifying law enforcement and engaging with a security firm to investigate once they learned of the incident.
What Happened?
In May 2020, an unauthorized party gained access to customer names, contact information, payment card numbers and expiration dates (without CVVs), virtual gift card numbers, usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts. To date, there is no evidence that Bergdorf Goodman or Horchow online customer accounts have been affected.
What Steps Should You Take If You Have A Neiman Marcus Group Account?
Reset the password for your Neiman Marcus account. While Bergdorf Goodman or Horchow online accounts don't appear to be impacted, we'd recommend resetting those out of an abundance of caution.
Do you use the same password for other online accounts? If so, change those as well to something unique and different.
Update the security questions and answers for your online account. Additionally, if you use those same questions and/or answers for other online accounts, update those as well.
Google Chrome Zero-Day Vulnerabilities
Google is advising all two billion Google Chrome users to update their browsers as soon as possible to protect themselves against two zero-day exploits that could be leveraged by attackers.
How To Update Your Chrome Browser?
Open Google Chrome and navigate to Settings > Help > About Google Chrome.
If your Chrome version is 94.0.4606.71 or higher, you are running a version that includes the patches for these vulnerabilities.
If you see an option to update and/or relaunch, do so immediately. After updating, relaunch/restart the browser so the security patches take effect.
Google is staggering the roll-out of the patch, so be sure to check back regularly if you don't yet see the new version available.
As always, if you have any questions, please let us know by emailing us at ask@BlackCloak.io. We are happy to help!