AUGUST 2022: Major Vulnerabilities Found on Apple Devices, Users Urged to Update Software

On Wednesday, August 17th, 2022, Apple released two security reports revealing significant vulnerabilities that give hackers complete access to certain devices, such as iPhones, iPads, and Macs.

We highly recommend you update your devices regularly to ensure the safety of your data and devices, and prioritize your organization’s cybersecurity.

“It’s important that companies have a patch management program to help them when zero days such as these come out,” shares Dan Pritzlaff, Director of Cybersecurity at Edge Networks.  “Apple did state that these vulnerabilities were being actively exploited, which makes them higher priority than your typical patch.”

 

What are the vulnerabilities?

The security reports highlight the two vulnerabilities found: WebKit, the browser engine that powers Safari, Mail, App Store, and other apps, and Kernel, which is the core of the device’s operating system. In short, these vulnerabilities give hackers the ability to execute any code and run any software as if they are you – the owner of the device.

 

Which devices are at risk?

Affected devices include:

  • iPhone 6S and later models
  • iPad including 5th generation and later
  • All iPad Pro models
  • iPad Air 2
  • Mac computers running macOS Monterey
  • Some iPod models (such as iPod Touch 7th Generation)

However, some models not listed may be at risk as well. 

 

Has anyone been affected by the vulnerabilities?

So far, there have been no confirmed reports where these vulnerabilities have been used against people or devices, and Apple has made no additional statements on the issue apart from the initial security reports.

 

How to Update Your Apple Devices after the August 2022 Security Reports

To update your iPhone, iPad, or iPod, go to “Settings”, “General”, “Software Update”, where it should show you the latest version (iOS 15.6.1) to download and install.

To update your Mac computer, go to “System Preferences” then “Software Update” to download and install the latest version (macOS Monterey 12.5.1).

If your Mac is running on an older operating system such as macOS Catalina or Big Sur, your device is not at risk. However, updating your devices regularly are still highly recommended.

 

Remember to Update Your Software Regularly

To ensure you always have the latest security updates, turn on Automatic Updates in your device’s General Settings. Learn more about how software updates can increase your cybersecurity below.

We highly recommend you update your devices regularly to ensure the safety of your data and devices.

Software updates are just one of the many facets of keeping your company safe from cyber-attacks. To learn more about the health of your business’s cybersecurity, take our free, self-guided IT security risk assessment today, or contact us for a free 30-minute consultation.

Centennial School District Compromised by Ransomware

On the News: Edge Networks Discusses the Centennial School District Cyber Attack

Recently, KATU News went on air to talk about a ransomware attack at Centennial School District in Multnomah County, Oregon, and asked Edge Networks’ Founder and CEO, Mark Tishenko, to share his thoughts. Mark warned that ransomware attacks are a growing threat, and anyone can be at risk. If you are the target of a ransomware attack, having a ransomware incident response plan is critical to recovery. When ransomware hits your business and you feel panicked, an incident response plan will give you a roadmap. 

Watch the news clip and read the article by KATU News here.
 

The Jump to Digital Learning

March 2020 was a time when many students across the United States learned they’d be getting an extra week or two of Spring Break. Excitement was the primary emotion as students prepared for their extended break, but no one foresaw what followed – COVID-19 sweeping the nation (and the world), forcing schools to shut down. The result? Digital learning. 

The jump to digital learning was quick and led to many problems rising to the surface, like a lack of accessibility to devices and internet connection from home and teachers having little time to restructure their curriculums and adapt to new technologies alongside their students. In fact, Statista Research Department found that there was a 1,087% increase in Education app downloads solely between March 2nd-16th, 2020, a figure that’s hard to envision. 

Additionally, Business of Apps found that over 90,000 schools across the United States used Zoom as their primary virtual learning platform at the height of the pandemic, which is a lot of unexpected usage for a single app. In April 2020 , news broke out that hackers had stolen over half a million passwords from Zoom. Sure, a password may not seem like a big deal, but a 2019 Google / Harris Poll study found that only 35% of people use a different password for every account, meaning 65% of people reuse the same password for multiple or all accounts. This means that it’s likely the majority of those stolen Zoom passwords were attached to other accounts, which puts more sensitive data at risk.

Click here to download a Password Best Practices E-Book!

The thought of an app as heavily used and popular as Zoom being the target of an attack should raise concern. With people all across the nation moving to online learning, and the rapid increase of unfamiliar technologies and time spent online, many were left confused, burnt out, and more vulnerable than ever. 

An empty classroom

 

The Centennial School District Cyberattack

In late April 2021 , the Centennial School District of Multnomah County, Oregon was the target of a ransomware attack and decided to shut schools down for a week. You might think shutting schools down for a week because of ransomware is an overreaction, but cybercrime shouldn’t be taken lightheartedly.

It was confirmed that the attackers stole, encrypted, and published data from the systems to the dark web, putting the sensitive information of the district’s faculty, staff, and over 6,000 students at risk. 

Since the attack, Centennial School District officials were able to bring some systems back online but were ultimately tasked with shifting their learning resources to paper packets to replace the digital technology temporarily. 

Let’s Back it Up – What’s the Deal with Ransomware?

Ransomware is an ever-evolving type of malware (malicious software) that encrypts important files and systems, holding them “hostage” until a ransom payment is made. Hackers will often threaten to destroy, leak, or sell the stolen data to receive their payment, which can range from a few hundred dollars to a few million.
 
In July 2020, a U.S. travel management firm, CWT, was attacked by hackers that demanded $10 million. The hackers argued that the price would be much lower than lawsuit expenses and reputation loss by leaking information, but the ransom was negotiated down to $4.3 million, still an extremely significant loss.
 
However, ransomware’s perils extend beyond financial loss. According to the Sophos State of Ransomware 2021 research, the percentage of businesses choosing to pay a ransom has climbed to 32% in 2021, up from 26% last year. Only 8% of those who paid the ransom received all of their data returned, while nearly a third, 29%, could not recover more than half of the encrypted data. In short, paying a ransom doesn’t guarantee a safe return of your data, which is why we recommend regular backups.
 
 
 
 
 
 
 
 

 

Where Do We Go From Here?

Though it may seem unlikely, the truth is: anyone with a device that holds important data and access to the internet is at risk of a ransomware attack, not just large organizations. The ransomware attack at CWT or the attack on Zoom may seem far in the distance, but local attacks happen too, like the one within the Centennial School District. These attacks, though unfortunate, offer crucial reminders for people to review their cybersecurity health. 

When asked how to best mitigate against ransomware, CEO and Founder of Edge Networks, Mark Tishenko, shared that network hygiene, vulnerability management, and backup and disaster recovery are essential and that trusting your SaaS or cloud provider just isn’t enough anymore. Additionally, employee awareness training is paramount to preventing ransomware.

 

Taking Steps in the Right Direction

Cyberattacks are constantly evolving, and it’s essential to implement preventative practices and build up a solid defense against them. If you are unsure where to go from here, we recommend taking our free, self-guided IT risk assessment to discover your vulnerabilities and receive tips on how to improve your cybersecurity, or  schedule a call with us for a free 30-minute consultation. 

Staying educated on ransomware trends can also help you stay one step ahead of cybercriminals.