Security

Apple cut backup end-to-end encryption plans after FBI complained

posted on January 21, 2020
by l33tdawg
Credit: Ars Technica

Two years ago, Apple dropped a plan that would have made it impossible for the company to decrypt iPhone and iPad backups for law enforcement, according to a Reuters report today. Reuters wrote that "six sources familiar with the matter" confirmed that Apple dropped the end-to-end encryption plan for iCloud Backup "after the FBI complained that the move would harm investigations."

Apple had "told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud" more than two years ago, Reuters wrote.

Internet routers running Tomato are under attack by notorious crime gang

posted on January 21, 2020
by l33tdawg
Credit: Ars Technica

Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found and remote administration has been turned on, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday.

Internet Explorer has a major security flaw, but Microsoft can't patch it yet

posted on January 20, 2020
by l33tdawg
Credit: Tech Radar

Following the reveal of a major security flaw in Internet Explorer that is currently being exploited by hackers, Microsoft has confirmed its existence, though the software giant has no immediate plans to release a patch to fix it.

The security flaw in the company's legacy browser was first disclosed by US-CERT, a division of Homeland Security that reports on major security flaws, in a tweet which contained a link to a security advisory concerning the bug. According to the advisory, the vulnerability has already been “detected in exploits in the wild”.

As attacks begin, Citrix ships patch for VPN vulnerability

posted on January 20, 2020
by l33tdawg
Credit: Ars Technica

On January 19, Citrix released some permanent fixes to a vulnerability on the company's Citrix Application Delivery Controller (ADC) and Citrix Gateway virtual private network servers that allowed an attacker to remotely execute code on the gateway without needing a login. The vulnerability affects tens of thousands of known VPN servers, including at least 260 VPN servers associated with US federal, state, and local government agencies—including at least one site operated by the US Army.

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

posted on January 20, 2020
by l33tdawg
Credit: ZDNet

A hacker this week published a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

posted on January 20, 2020
by l33tdawg
Credit: The Hacker News

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it.

The vulnerability, tracked as CVE-2020-0674 and rated moderate, is a remote code execution issue that exists in the way the scripting engine handles objects in memory in Internet Explorer and is triggered through the JScript.dll library.

FBI seizes WeLeakInfo, a website that sold access to breached data

posted on January 20, 2020
by l33tdawg
Credit: ZDNet

US authorities this week seized the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites.

The website provided access to people's cleartext passwords, allowing hackers to purchase a subscription on the site and gain access to billions of user credentials.

Oracle just released a whopping 334 security fixes in critical patch update

posted on January 16, 2020
by l33tdawg
Credit: Wikipedia

On the heels of Microsoft's first Patch Tuesday for 2020, Oracle has pushed out a dizzying 334 security patches for its first critical patch update (CPU) of the year.

Oracle's January 2020 CPU matches its largest CPU on record, the July 2018 CPU. In total, the January 2020 CPU addresses flaws in 94 products.

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

posted on January 16, 2020
by l33tdawg
Credit: The Hacker News

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store—you have been hacked and are being tracked.

These newly detected malicious Android apps are Camero, FileCrypt, and callCam, which are believed to be linked to Sidewinder APT, a sophisticated hacking group specializing in cyber espionage attacks.