data breachAre you familiar with the popular smartphone app, "Cash App"? You're not the only one who uses Cash App on their smartphone. It is extremely popular and is used by millions around the globe.

It is one of the most popular web products, making it a hot target. Cash App used to be known as Square. They submitted a file to the SEC (Securities and Exchange Commission), acknowledging that they were breached.

However, this was not a typical hacking attack. It was the result of an ex-employee accessing sensitive customer data before he left the company. According to the filing, the incident took place on December 10, 2021.

Evidently, the employee was able to access reports that contained customer information as part their job duties. The employee was able to access the information again after he left the company.

Cash App contains the following information:

  • The full names and addresses of all customers
  • Numbers of brokerage accounts (only for US customers)
  • Brokerage portfolio value
  • Brokerage portfolio holdings
  • Stock trading

Cash App launched an investigation and retained the services a third-party forensics company.

The incident details are not very detailed beyond that. We know that the ex-employee accessed records belonging to more than 8 million Cash App customers, current and past. The firm is also in the process to notify all affected users.

Cash App stressed, as is the norm in the aftermath an incident like this one, that they take customer safety very seriously and will be reviewing their cybersecurity processes in order to reduce the chance of another. Cash App stressed that future costs associated to the incident, based on the preliminary assessment, are almost impossible to predict.

If you are a Cash App customer, or a former Cash App customer, be sure to look out for a notification from the company in the event that you are one of those potentially affected by the breach.

Apple Devices: Zero-day Hack Solution

zero day attackIf you're an Apple user, you will need to download the latest security release.

Researchers discovered two zero-day problems in the wild, which are being addressed by the most recent release.

The flaws in question are CVE-2022, 2675 and 2674. The first flaw is with Apple AVD media encoder, which is out of bounds. The second flaw is with Intel Graphics driver. This would give an attacker kernel privileges and allow him to execute code.

All affected devices include the older iPhones, iPad Air, iPad Pro (all versions), iPad mini 4, and iPod Touch (7th Generation). Mac users running macOS Monterey could also be at risk.

You can protect your device's security by installing and downloading the necessary updates.

Apple has already released three zero day patches for this year, even though it is early 2022. These patches fix a total of five zero-day issues.

In January 2022, the company released its first zero-day patch. These patches allowed hackers to execute arbitrary code with kernel privileges and monitor web browsing activity real-time.

Apple released a patch in February that fixed a zero-day exploit that allowed hackers access to iPhones, iPads, and Macs. This could have led to system crashes or arbitrary execution.

It appears that 2022 is very similar to 2021. Apple faced an almost endless stream zero-day exploits last year and spent a lot of time trying to fix them. Let's all hope that this year will be a bit more peaceful.

Integrated Technology Systems can help you review your cybersecurity policies to keep your data secure from former employees. Call us today to see how we can help.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/