Security

Researchers at cyber security firm ClearSky claim to have uncovered an Iranian hacking campaign intended to gain a  persistent foothold on the networks of major companies worldwide.

The campaign, dubbed Fox Kitten, was first noticed in the fourth quarter of 2019, although it represents the continuation of attacks that have been running for the past three years, targeting dozens of companies in Israel and around the world.

Dozens of Israeli soldiers have fallen victim to a hacking scheme orchestrated by the Hamas militant group which infected their smartphones with malware.

A spokesperson for Israel's military revealed that the soldiers were sent fake photos of young women in an effort to lure them to download an app that could access their devices without their knowledge.

Russia will continue to engage in cyber operations to threaten Western nations, with sanctions so far proving ineffective.

The warning comes from the Estonian Foreign Intelligence Service (EFIS), which in its 2020 annual threat assessment report states that Russian cyber operations have been successful so far and will continue to look for new security vulnerabilities to exploit in coming months.

Many security professionals have long held that the words "mobile security" are an oxymoron. True or not, with today's mobile usage soaring in enterprises, that viewpoint may become irrelevant. It's a reasonable estimate that 2020 knowledge workers use mobile devices to either supplement or handle much of their work 98% of the time. Laptops still have a role (OK, if you want to get literal, I suppose a laptop can be considered mobile), but that's only because of their larger screens and keyboards. I'd give mobile players maybe three more years before that becomes moot.

In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures.

According to researchers, many device makers still don't sign the firmware they ship for their components. Furthermore, even if they sign a device's firmware, they don't enforce checks for the firmware signature every time the driver/firmware is loaded, but only during installation.

That laptop on your desk or server on a data center rack isn't so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads, largely sourced from third parties—have their own dedicated chips and code as well. That represents a serious security problem: Despite years of warnings, those computers inside your computer remain disturbingly unprotected, offering an insidious and nearly undetectable way for sophisticated hackers to maintain a foothold inside your machine.

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.

More foreign countries, militias and other groups are targeting US intelligence agencies with hacking, according to a report Monday from the National Counterintelligence and Security Center. Not only that, but they're increasingly targeting the private sector and government agencies that aren't directly involved in national security, says the report, which outlines a strategy for addressing the hacking threat.

Google has revealed plans to initially warn Chrome users about “insecure” downloads and eventually block them outright. “Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files,” Joe DeBlasio of the Chrome security team wrote in a blog post. “Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.”