Security News
The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K. He speculated that the NSA might have issued to advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign - in hopes of thwarting their use for other means.
The U.S. Department of Justice announced on Monday that the FBI managed to gain access to the data stored on two iPhones belonging to an individual who last year killed and wounded several people at a United States naval base. U.S. Attorney General William Barr and FBI Director Christopher Wray announced on Monday that the FBI managed to access the data stored on the two locked iPhones.
The price of some iOS exploits has dropped recently and at least one exploit acquisition company is no longer buying certain types of vulnerabilities. It also announced that prices for iOS exploit chains that require some user interaction and don't provide persistence will likely drop in the near future.
Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.
Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.
A hacker has put up for sale the dates of birth, genders, website activity, mobile numbers, usernames, email addresses and MD5-hashed passwords for 3.68 million users of the Mobifriends dating app. As of Monday, Mobifriends hadn't yet provided a comment on the stolen user data.
The US Federal Bureau of Investigation and cybersecurity experts believe Chinese hackers are trying to steal research on developing a vaccine against coronavirus, two newspapers reported Monday. The FBI and Department of Homeland Security are planning to release a warning about the Chinese hacking as governments and private firms race to develop a vaccine for COVID-19, the Wall Street Journal and New York Times reported.
Microsoft says it's investigating claims that its GitHub account has been hacked, and while some say the leaked files appear to be legitimate, it's unlikely that they contain any sensitive information. Data breach monitoring and prevention service Under the Breach reported on Thursday that a hacker claimed to have obtained 500 GB of source code from Microsoft's private GitHub repositories.
Security firm Check Point has found evidence that a Chinese government-linked hacking group has been infiltrating and gathering information on governments from around the Asia-Pacific region for more than five years. The group, known as Naikon Advanced Persistent Threat was first discovered in 2015, and after a report went public that named one of its members the group went silent.
Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning. The National Cyber Security Centre and America's Cybersecurity and Infrastructure Security Agency cautioned of a "Password spraying" campaign targeting healthcare and medical research organisations.