Security News

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content.

An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics. Robert Purbeck - who used online aliases Lifelock and Studmaster - was indicted Tuesday by a federal grand jury in Georgia, according to a news release from the U.S. attorney's office in Atlanta.

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs":. Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification.

For the wider population, hacking has become synonymous with nefarious activities because - for the vast majority of people who experience it - it's in a criminal context. Regular Register readers can differentiate between criminal hackers who break the law and ruin people's lives, and hardware and software hackers who ingeniously lash together systems and perform miracles to get things running.

Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale. In January, a threat actor announced on underground forum Raid Forums that they breached Verified, an established Russian-language cybercrime forum.

In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members - including usernames, email addresses, and hashed passwords - publicly disclosed on a breach notification page put up by the attackers, stating "Your data has been leaked" and "This forum has been hacked."

This week's motion is: Hacking is not a crime, and the media should stop using 'hacker' as a pejorative. Now, arguing FOR the motion is ALYSSA MILLER.... Using the term "Hacker" to describe cyber criminals is an unfortunate habit that plagues modern media.

Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers. In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation. The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations unit of the U.S. National Security Agency. "The caught-in-the-wild exploit of CVE-2017-0005, a zero-day attributed by Microsoft to the Chinese APT31, is in fact a replica of an Equation Group exploit codenamed 'EpMe,'" Check Point researchers Eyal Itkin and Itay Cohen said.