Security News

Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. Citizen Lab was able to independently observe NSO Pegasus spyware deployed on an iPhone 12 Pro Max running iOS 14.6, hacked via a zero-day zero-click iMessage exploit, which does not require interaction from the target.

Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users-whose accounts may have been compromised-to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or email.

For 21 years, the software company Kaseya labored in relative obscurity - at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions. A 2019 ransomware attack also rode into computers through another company's add-on software component to the Kaseya VSA, causing more limited damage than the recent attack.

Pro-Trump social media platform GETTR was targeted by hackers shortly after launch - accounts were apparently compromised and tens of thousands of users had their data scraped and leaked online. A Twitter-like platform, GETTR was launched on July 4 by Jason Miller, who served as a spokesperson for former U.S. President Donald Trump.

Gettr, a social media platform set up by allies of former President Donald Trump, was still wet and squirming when it got hacked - twice. Gettr - a Twitter-esque platform with posts and trending topics - was quietly launched on Thursday by Jason Miller, a senior adviser to Trump who's been teasing it for months.

Microsoft is updating Microsoft Defender for Identity to allow security operations teams to block attacks by locking a compromised user's Active Directory account. Microsoft Defender for Identity is a cloud security service that leverages on-premises Active Directory signals to detect and analyze advanced threats, compromised identities, and malicious insider activity targeting enrolled organizations.

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. Avast's investigation into the incident began after it discovered the backdoored installer and the implant on one of its customers' systems.

Researchers added the attack also included public and private keys of LimeVPN users. "The hacker informed us that they have the private keys of every user, which is a serious security issue as it means they can easily decrypt every LimeVPN user's traffic," the firm said in a posting.

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig for stealthily exploiting the infected host's resources to mine Monero.

TechRepublic's Karen Roby spoke with Eric Sivertson and J.P. Singh of Lattice, a global semiconductor company, about cyberattacks in cars. Things are changing, and it's so important when it comes to cars that we keep up with security, because the thought of someone being able to just take over a car remotely, it's a pretty scary thought.