A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It's the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations.
The FBI partnered with an Australian security firm called Azimuth Security to gain access to an iPhone linked to the 2015 San Bernardino shooting, a new report from The Washington Post reveals. Before now, the methods the FBI used to get into the iPhone were kept secret. It was only clear that Apple wasn’t involved, as the company had refused to build a backdoor into the phone, kicking off a legal battle that only ended after the FBI successfully hacked the phone.
On March 2, Microsoft warned the world that a Chinese state-sponsored hacking group called Hafnium had infected what would turn out to be tens of thousands of Microsoft Exchange servers in a weeks-long hacking blitz. While Microsoft soon released a patch, not every victim updated their systems, and hundreds of servers remained exposed. A little over a month later, the Department of Justice has now revealed, the FBI took extraordinary steps to protect those still at risk.
Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the internet. Now a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.
WhatsApp has a big security issue right now, and it doesn't seem to be doing much about it. The app has seen its fair share of problems lately, including a mass exodus from the platform after it announced its new privacy policy requiring accounts to be connected to Facebook. It turns out that privacy isn't the only problem WhatsApp has to deal with, not that a huge security flaw has been discovered.
Security researchers have found over 500,000 Huawei smartphone users have downloaded applications tainted with the Joker malware that unwittingly subscribes users to premium mobile services.
The Joker family of malware has been infecting apps on Google's Play Store for the last few years, but this is the first instance of it cropping up on Huawei’s platform. Huawei users are currently unable to access the Google Play Store due to US trade sanctions, and instead use the company's in-house AppGallery platform.
Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows.
WhatsApp users have been warned of a scam that involves a hard-to-spot malicious message that appears to come from someone on your contact list.
The scam works when hackers send a user a code via text on their smartphone, followed by a WhatsApp message from someone on their contact list. When the “friend” asks the recipient to share the code, the hacker can easily access their WhatsApp account.
Cyberattacks continue to grow in prevalence and sophistication. With the ability to disrupt business operations, wipe out critical data, and cause reputational damage, they pose an existential threat to businesses, critical services, and infrastructure. Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate artificial intelligence (AI). What’s known as “offensive AI” will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.
The scraped data of over 500 million LinkedIn profiles has been put up for sale on a popular hacker forum.
The post's author has leaked two million records already as proof of the existence of the much larger data trove, as reported by Cybernews. The data, which is spread across four files, is said to include full names, email addresses, phone numbers, and information related to their place of work.
