Security News

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say...

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

One of the Android apps we identified last year, for example, was a QR code reader that was little different from the one already built into your phone's camera app that went for a whopping €104.99 even if you uninstalled the app straight after trying it and never used it again. Many of the fleeceware apps we see are advertised within the App Store as "Free" apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their "App description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases."

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Apple fixed the issues with Safari 13.1, crediting Pickren for three bug reports in the patch release notes.

Turns out merely visiting a website - not just malicious but also legitimate sites unknowingly loading malicious ads as well - using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said.

How to set up an Android phone as your security key for your Google account. Set up two-step verification for your Google account through your phone or a computer by signing into the webpage for your Google account.

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.