Security

The spate of cyber attacks launched by suspected Russian hackers through compromised SolarWinds software have no easy fix and the effects will be felt for years to come, says security company FireEye.

FireEye, one of the first to spot the activities of the hackers on its systems in December, said the multi-faceted, multi-layered nature of the hack involving several different types of malware, together with the sophistication of the attackers means that admins will find it very hard to know whether their systems are clean or if they are still vulnerable to further intrusions.

DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over HTTPS is known, encrypts requests and responses using the same encryption websites rely on to send and receive HTTPS traffic.

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Since Facebook acquired WhatsApp in 2014, users have wondered and worried about how much data would flow between the two platforms. Many of them experienced a rude awakening this week, as a new in-app notification raises awareness about a step WhatsApp actually took to share more with Facebook back in 2016.

New Zealand’s central bank said Sunday that one of its data systems has been breached by an unidentified hacker who potentially accessed commercially and personally sensitive information.

A third party file sharing service used by the Reserve Bank of New Zealand to share and store sensitive information had been illegally accessed, the Wellington-based bank said in a statement.

Speaking to Axios, Facebook’s head of security policy Nathaniel Gleicher has revealed that the firm plans to roll out support for hardware keys which people can use to increase the security of their Facebook account. Gleicher said that the firm is looking at sending security keys to public figures and that other users will be able to buy the tokens from retailers in-person and online and register them with their Facebook account.

Firefox version 85 will be released in January 2021, and one of its features is increased user privacy via improvements in client-side storage (cache) partitioning. This has been widely and incorrectly reported elsewhere as network partitioning, likely due to confusion around the privacy.partition.network_state flag in Firefox, which allows advanced users to enable or disable cache partitioning as desired.

Three dozen journalists had their iPhones hacked in July and August using what at the time was an iMessage zero-day exploit that didn’t require the victims to take any action to be infected, researchers said.

Microsoft has released its current findings into the SolarWinds attack that continues to shake the global cybersecurity industry.

As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant malware on corporate and government networks.

Details about this second threat actor are still scarce, but security researchers don't believe this second entity is related to the suspected Russian government-backed hackers who breached SolarWinds to insert malware inside its official Orion app.