In this week’s Cyber News roundup, we take a look at how some next-gen gamers were the target of a phishing attack, how WhatsApp may be the go-to place for privacy-loving users, and a few iPhone security flaws that were recently fixed.
Without further ado:
Gamers Hit by Phishing Attempt
Check in on your gamer friends right now — they may be going through a tough time. With the highly anticipated launch of the next-generation consoles from Microsoft (Xbox Series X/S) and Sony (PlayStation 5) due out in just a few days, your buddies are probably sitting in one of these two categories:
Those who failed to secure a pre-order for a new console at launch.
Those who successfully locked up a preorder, but are anxiously awaiting any details regarding their shipment.
We can’t do anything for those in the former group; sorry. But there is hope for those in Tier 2. Your consoles are not being delayed (yet).
As if folks in Australia don’t already have enough to worry about with terrifying spiders and yoked kangaroos, numerous customers who purchased their consoles from Amazon Down Under received a crushing email that cemented growing fears: They would not be getting a console at launch — not even close, according to the message.
“Due to Sony not delivering the agreed amount of Stock, your order for the PlayStation 5 console has been delayed until early 2021," the email read (via Press-Start Australia).
Heart. Break. City.
Except, as you might expect from the totally unwarranted capitalization of the word “Stock,” this email was not from Jeff Bezos. Amazon soon quelled the panic, stating that the emails those customers received were, in fact, fake.
“We take phishing, spoofing and smishing attempts on our customers seriously,” Amazon wrote in a statement to Press-Start Australia. “From time to time, customers may receive emails appearing to come from Amazon, which are actually false emails, sometimes called ‘spoof emails’ or ‘phishing emails’. These can look similar to real Amazon emails but often direct the recipient to a false website where they might be asked to provide account information such as their email address and password combination.”
Better yet, after roughly three months of being ghosted by Amazon, many customers who purchased their consoles from the massive retailer finally got the largely celebrated message. “Arriving November 12.”
Sleep well, Australia. Or try to, anyway. Spiders, after all…
WhatsApp gets more private
WhatsApp, powered by Facebook, was already one of the most popular messaging tools for those who wanted to maintain a certain level of privacy. Equipped with end-to-end encryption to ensure nobody but the people exchanging messages have the ability to read them (not even WhatsApp), WhatsApp was rightfully a go-to.
But the popular messaging platform is about to get a bit more useful for those who — for whatever reason — really want their conversations to remain private.
WhatsApp is taking a page out of the Snapchat playbook, offering its users the option to enable disappearing messages. It won’t be quite the same effect as Snapchat, which often deletes messages after users have read the message and left the interface. WhatsApp says users will have the option to automatically delete messages after seven days.
“We’re starting with 7 days because we think it offers peace of mind that conversations aren’t permanent, while remaining practical so you don’t forget what you were chatting about,” the company wrote in a statement. “The shopping list or store address you received a few days ago will be there while you need it, and then disappear after you don’t.”
Disappearing messages will need to be enabled on a per-chat basis. WhatsApp says users can expect the update to take place sometime this month.
iOS 14.2 brings new emojis (...and also some vulnerability patches)
Much of the attention Apple will receive this month will center largely around the release of its new lineup of iPhones. That, and the company’s Nov. 10 event, which is rumored to give consumers a first look at the sort of performance differences they can expect from the company’s transition to a proprietary chipset for its Mac lineup.
November will also bring us the latest iteration of Apple’s iPhone operating system: iOS 14.2.
iOS 14.2 unveiled a slew of new emojis that are bound to be a big hit with the iPhone faithful. It also quietly rolled out a handful of patches to some noteworthy vulnerabilities that Apple probably wants you to ignore.
Discovered by Google’s Project Zero security research group, the vulnerabilities are as follows:
CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
CVE-2020-27950 — a memory leak in the iOS kernel that allows attackers to retrieve content from an iOS device's kernel memory.
The security flaws are said to have been used in tandem, permitting outside individuals to infiltrate iPhones remotely. That’s, well, not good. But kudos to Apple for resolving the issue after having been made aware.
Did we miss any big cyber stories? Let us know in the comments below.
