Security News

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to wireless access points with percent symbols in their names such as "%p%s%s%s%s%n.

iPhones have been compromised by the NSO Group's Pegasus spyware. The findings indicated that the Pegasus spyware program sold by surveillance company NSO Group was able to infect iPhone 11 and iPhone 12 models through zero-click attacks in the iOS iMessage app.

China on Tuesday said the US had "Fabricated" allegations it carried out a massive Microsoft hack, countering that Washington was the "World champion" of cyber attacks while raging at American allies for signing up to a rare joint statement of condemnation. The United States on Monday accused Beijing of carrying out the March cyber attack on Microsoft Exchange, a top email server for corporations around the world, and charged four Chinese nationals over the "Malicious" hack.

Human rights and press freedom activists are up in arms about a new report on NSO Group, the notorious Israeli hacker-for-hire company. The report, by a global media consortium, expands public knowledge of the target list used in NSO's military-grade spyware.

The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes. The United States and several allies have officially pointed the finger at China for the recent hack of Microsoft Exchange server as well as an ongoing series of cyberattacks carried out by contract hackers for personal profit.

Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said. The hackers got Social Security numbers for 27 people in the cyberattack Tulsa detected May 6, Michael Dellinger, the city's chief information officer, said Tuesday.

Based on these parameters, Nevada topped the roundup by a significant margin with 523 hacking victims per 100,000 residents. For perspective, the District of Columbia claimed the second-highest ratio with 302 attack victims per 100,000 residents, just ahead of Iowa, Alaska and Florida.

A vulnerability affecting some of Schneider Electric's Modicon programmable logic controllers can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device. It can be exploited by an unauthenticated attacker who has network access to the targeted PLC. The exploit chain demonstrated by Armis also involves several other vulnerabilities discovered over the past few years.

HackTheBox announces Academy for Business, a new interactive skill development course for corporate IT and security teams. Businesses can train and upskill their staff using practical and theoretical material from the Academy for Business, preparing employees for the challenges of modern cybersecurity threats.

Schou set up a Wi-Fi access point with a network name of %p%s%s%s%s%n, and then deliberately connected his iPhone to it in order to check for what are known as format string vulnerabilities. The name format string vulnerability comes from a standard, widely-used system function, found in almost every operating system, known as printf(), shorthand for format and print data.