Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs
2021-03-19 19:16

The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself. As we said at the time, "Developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost."

Office 365 Phishing Attack Targets Financial Execs
2021-03-19 18:18

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at C-suite executives, their assistants and financial departments, and can work around email security and Office 365 defenses.

What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes
2021-03-19 18:01

The latest passive income trend, we're told by Lithuania-based internet biz IPRoyal, is internet sharing, a term that here means "subletting" or "reselling." Launched in January, IPRoyal pays residential internet users in exchange for "sharing" their internet service, something many internet service providers like Sonic Internet and Comcast prohibit in their terms of service.

Facebook outage affecting WhatsApp, Messenger and Instagram
2021-03-19 17:46

Facebook services are currently experiencing issues around the world, with users unable to access Facebook, Messenger, WhatsApp, and Instagram. When attempting to access Facebook services, users worldwide have stated that the application will display a continuous "Connecting" message.

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks
2021-03-19 17:09

On Thursday, cybersecurity firm NCC Group said that it detected successful in-the-wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. The security vulnerability these attackers attempt to exploit is an unauthenticated remote command execution tracked as CVE-2021-22986, and it affects most F5 BIG-IP and BIG-IQ software versions.

How to use semanage and avoid disabling SELinux
2021-03-19 16:50

Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier. With semanage, you can adjust file contexts, port contexts and booleans, which will go a long way to help you make things workable, while not disabling the security system.

Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation
2021-03-19 16:44

Google has added new details on a pair of exploit servers used by a sophisticated threat actor to hit users of Windows, iOS and Android devices. Malware hunters at Google continue to call attention to a sophisticated APT group that burned through at least 11 zero-day exploits in less than a year to conduct mass spying across a range of platforms and devices.

Russian Man Pleads Guilty to Role in Attempt to Plant Malware on Tesla Systems
2021-03-19 15:33

The Russian national who attempted to convince a Tesla employee to plant malware on the company's computers has pleaded guilty, the U.S. Justice Department announced on Thursday. Egor Igorevich Kriuchkov, 27, has pleaded guilty to one count of conspiracy to intentionally cause damage to a protected computer.

Bogus Android Clubhouse App Drops Credential-Swiping Malware
2021-03-19 15:21

Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.

Computer giant Acer hit by $50 million ransomware attack
2021-03-19 15:11

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000. Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.