Data breaches may ultimately be out of your control, as you have to hope the organizations holding your personal data have the proper security measures in place to protect your information.

However, there are cyber threats you can protect yourself from, and the ways to do so can be rather easy to follow.

By keeping your eyes peeled for phishing threats, and keeping your devices up to date, you can reduce your risk radius and ensure you are doing your part to keep your information safe and sound.

In this installment of the BlackCloak Thursday Threat Update, we’ll cover security updates released by Apple to patch vulnerabilities and a strain of malware targeting Android devices.


Apple issues patches to address zero-day vulnerabilities

What we know: Apple has issued a series of security updates for its devices to patch three zero-day vulnerabilities that have been actively exploited. The tech company released the updates for iPhones, Macs, iPads and Apple Watches. Apple has now patched 16 zero-day vulnerabilities in 2023.

Recommendations: If you have an Apple device, it’s imperative that you install these updates as soon as possible. Apple has confirmed that these vulnerabilities have been exploited and you do not want to leave your device at risk. Additionally, it’s a good idea to check Apple’s webpage listing out all of the security updates it has issued. The page includes when patches are released, and the devices that need to be updated.


“Xenomorph” malware targets Android devices

What we know: Cybercriminals have launched a new campaign featuring the “Xenomorph” malware. This form of malware has targeted Android devices in the past, and has predominantly been seen in Europe. However, researchers have found it has started to target the U.S. customers of several notable banks, including Case, Citi Mobile, Bank of America and Discover Mobile, as well as crypto wallets, including Bitcoin and Coinbase. At first, the malware was distributed via apps on the Google Play store, but now has been delivered through phishing pages.

Recommendations: Similar to Apple users, make sure you stay on top of patches, as they may contain important security updates that can protect your device. Also, pay very close attention to any pages that ask you for login credentials or personal information. Cybercriminals can set up fake web pages that look very similar to those found on legitimate websites. One way to check is by looking at the website URL. Phony web pages may contain spellings that look just close enough to the real website to trick users into believing the website is legitimate. Or, the spelling may be the same, but the phony website uses a different domain ending. This is a practice known as “typosquatting,” and it’s why you need to look at website URLs carefully before proceeding.


Learn about cyber threats and where your data many be

Staying up-to-date on device updates is a great way to protect yourself, and another way to do so is to learn about how certain cyberthreats work and where your data is located online.

Learn how phishing plays a part in social engineering attacks, and how data brokers can be leveraged by bad actors.