Security News

Security researchers have discovered a way to leverage the Offline Finding network behind Apple's Find My to upload data from devices, even those that do not have a Wi-Fi or mobile network connection. Using Bluetooth Low Energy, the data is sent to nearby Apple devices that do connect to the Internet, and then on to Apple's servers, from where it can be retrieved at a later date.

A group of election security experts said after a deep dive into Australia's electronic voting systems that they have "serious problems" with the accuracy, integrity and privacy of elections run by the Australian Capital Territory Electoral Commission. The team of four cybersecurity professionals concluded that the ACT e-voting system errors did not impact any election outcomes, but could potentially sway future vote counts if left uncorrected.

Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack. The RaaS features the typical characteristics of any ransomware enterprise: after the target systems have been compromised, data is encrypted and exfiltrated for extortion purposes, and the victim is provided with means of contacting the attackers to receive details on the payment request and to negotiate the ransom.

Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem chip. The vulnerability in the chip - installed in around 30% of the world's mobile devices - can be exploited from within Android.

A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft's SQL Server and Internet Information Services web server. In a talk today at Black Hat Asia titled "Give Me a SQL Injection, I Shall PWN IIS and SQL Server", the three explained they found the JET engine - for years an underlying tech for Microsoft Access and other products, and still downloadable today - has many vulnerabilities.

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard'," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel.

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, based on a brute-force search of the possible options for deciphering symbols. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate encryption and behaves differently for root/non-root accounts when executing."

The cybersecurity world woke up Saturday to news of the sudden passing of Dan Kaminsky, a celebrated hacker who is widely credited with pioneering research work on DNS security. A regular speaker at Black Hat and DEFCON conferences over the years, Kaminsky was most recently co-founder and chief scientist at Human Security, an anti-fraud startup.

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.