Security

From Luta Security's blog post:

Gather around folks, it's hacker story time, and today I want to tell the tale of how I hacked Clubhouse. It's a new social app that’s rocketed to popularity by facilitating live, audio-only group chats in virtual rooms. The app's viral popularity has vaulted its company to multiplatinum unicorn status. Recent valuations peg Clubhouse to be worth upward of $4B.

Ransomware group REvil claimed in a blog post published on Tuesday to have stolen blueprints for Apple's latest products. On the same day, Apple CEO Tim Cook announced multiple new products at an online event.

Quanta Computer Inc. acknowledged the attack in a statement made to Bloomberg, stating that the company's information security team worked with external experts to deal with cyber attacks on a small number of servers. The company also told Bloomberg that there has been no material impact on business operations.

The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used the Microsoft compromise to attack customers.

Still smarting from last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public.

For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike—creator of the Signal messaging app—has turned the tables on Cellebrite.

Last year, we first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign.  This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_x64 Macs, as well as other notable payload changes.

The Lazarus group has tweaked its loader obfuscation techniques by abusing image files in a recent phishing campaign. Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea.

Known as one of the most prolific and sophisticated APTs out there, Lazarus has been in operation for over a decade and is considered responsible for worldwide attacks including the WannaCry ransomware outbreak, bank thefts, and assaults against cryptocurrency exchanges.

Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said.

Microsoft recently announced the Surface Laptop 4. The newest member of the Surface family has plenty of options, including allowing people to choose an AMD or Intel CPU as well as either a 13.5-inch or 15-inch body. To protect the Surface Laptop 4 and any information people store on it, Microsoft built in several security measures. Microsoft breaks down the security features in a recent post. Specifically, the post breaks down the security elements of the AMD-powered Surface Laptop 4.

If you don't have enough to worry about already, consider a world where AIs are hackers.

Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long.