Security News > 2020

To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.

A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday. Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located in the Korean Peninsula and notes that its victims include North Korea.

"Furthermore, we noted a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber capabilities," said FireEye, which went on to refer to a group of malicious persons variously named by researchers as Stealth Falcon and FruityArmor [sic]. This group "Used malware sold by NSO Group", said FireEye, which speculated that it might also be linked to Uzbekistani state spying operations: "The zero-days used in SandCat operations were also used in Stealth Falcon operations, and it is unlikely that these distinct activity sets independently discovered the same three zero-days."

Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking.

Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking. Dan Patterson, a Senior Producer for CBS News and CNET, interviewed futurist Isaac Arthur about quantum encryption.

Microsoft is reporting that an Emotet malware infection shut down a network by causing computers to overheat and then crash. The threat actors used the stolen credentials to deliver phishing emails to other Fabrikam employees, as well as to their external contacts, with more and more systems getting infected and downloading additional malware payloads.

As the Chinese government turns to virtual private networks to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies.

One of the easiest ways for professionals to protect their internet traffic is by using a virtual private network, or VPN. VPNs are used to create secure, remote connections to other networks or geographic locations; a computer connected to a VPN can appear to be inside of a business network or in a different part of the world. There are a lot of factors that go into choosing a good VPN service, and you can read up on choices and VPN policy at TechRepublic and our sister site ZDNet.

Dan Patterson speaks to cybersecurity expert Robert Lee about the capabilities of Russian hackers as well as the risks IoT and industrial IoT pose to smart cities. CNET and CBS News Senior Producer Dan Patterson spoke with cybersecurity company Dragos, Inc., Founder and CEO Robert Lee about the risks emerging technologies like IoT pose to smart cities and their infrastructures as well as Russia's involvement with hacking US elections.

There's been a bit of a buzz in the news lately over an "Epic new feature" in the next Apple iPad model - the one that's supposed to come out this year. A real-life, break-in-the-wire(ish) microphone switch so that you can be sure that your iPad really isn't recording you while you're in your car or sitting around at home.