
Content

There are a lot of threats happening this week in the world, with many targeting 2FA or OTP. Here are some of the big issues you need to look out for:

Twitch got hacked! You likely are not as affected by this as you'd think, as this affects mostly internal documentation for the company. But you should still update your settings (password, MFA, etc.) just to be on the safe side. More info here: https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

Telegram powered bots are trying to steal OTP 2FA codes through phishing attempts: https://www.zdnet.com/article/telegram-bots-are-trying-to-steal-your-one-time-passwords/

4.6 million people were affected in this Neiman Marcus data breach that happened in May 2020: https://arstechnica.com/information-technology/2021/10/neiman-marcus-data-breach-impacts-4-6-million-customers/

Apple didn't respond efficiently to this vulnerability report via their bug bounty program, so a researcher disclosed it publicly. Apple AirTags aren't sanitizing the phone number field, which means an attacker could enter an XSS payload into that field, put the AirTag in Lost Mode, and drop it on or near a target for them to find, opening up the potential for the target to get phished by a malicious website popup: https://arstechnica.com/information-technology/2021/09/apple-airtags-can-be-abused-to-direct-finders-to-malicious-websites/

This new air-gapped attack uses Ethernet cables! https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html

Coinbase customers are being targeted by attackers using an MFA vulnerability: https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/

The FCC is proposing new laws to fight SIM swap attacks: https://www.bleepingcomputer.com/news/security/the-fcc-proposes-rules-to-fight-sim-swap-and-port-out-fraud/

Apple Pay has a flaw that is currently unpatched. It could allow an attacker to make unauthorized Visa payments with a locked iPhone: https://thehackernews.com/2021/10/apple-pay-can-be-abused-to-make.html

As I see new vulnerabilities, zero days, and updates occur, I'll share those with you here as an Action Alert! If you ever see something that should be shared, post it in the community tab or on Discord!

Comments

Anonymous

Dammit, there goes my record on how long my current email address hasn't been inside a database breach. And that was its creation date.

Anonymous

Buy them all up.... IPO... go legit