Security News

Researcher Claims Apple Paid $100,000 for 'Sign in With Apple' Vulnerability
2020-06-01 12:39

An attacker exploiting the vulnerability could have taken over user accounts on the affected third-party applications, regardless of whether the victim was using a valid Apple ID or not, security researcher Bhavuk Jain explains. In the second step, the user is provided with the option to share the Apple Email ID with the third-party app.

Researchers Unmask Brazilian Hacker Who Attacked Thousands of Websites
2020-05-28 14:59

Researchers at cybersecurity company Check Point said on Thursday that they have found the real identity of VandaTheGod, a Brazilian hacker involved in both hacktivist operations and financially-motivated cybercrimes. Check Point told SecurityWeek that it informed law enforcement about its findings in October 2019, but the hacker continued to be active up until May 2020.

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites
2020-05-28 02:52

In a report shared with The Hacker News, researchers from Check Point said they were able to map VandaTheGod's activity over the years, and eventually narrow down the attacker's real identity to a Brazilian individual from the city of Uberlândia. "Many of the messages left on the defaced websites implied that the attacks were motivated by anti-government sentiment, and were carried out to combat social injustices that the hacker believed were a direct result of government corruption," the researchers said.

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
2020-05-27 03:31

Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting hundreds of thousands of systems. In addition to using images uploaded to Baidu Tieba to distribute configuration files and malware - a technique called steganography - the group has begun using Alibaba Cloud storage to host configuration files and Baidu's analytics platform Tongji to manage the activity of its infected hosts, the researchers said.

Data researchers at odds: Will Americans opt in or out of COVID-19 contact tracing apps?
2020-05-22 16:14

Results from separate studies by Checkmarx and ExpressVPN reveal consumers won't easily share their personal information with tracing apps due to concern for misuse. The VPN provider ExpressVPN and software security company Checkmarx queried 1,200 and 1,500 consumers, respectively, to find out what Americans think about digital contact-tracing systems having access to their health information.

Researcher Finds Memory Corruption Vulnerabilities in Several Adobe Products
2020-05-20 08:55

Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.

Researchers Divulge Details on Five Windows Zero Days
2020-05-19 17:47

Security researchers working with Trend Micro's Zero Day Initiative have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk. Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.

Facebook Awards Researcher $20,000 for Account Hijacking Vulnerability
2020-05-13 15:08

Security researcher Vinoth Kumar says Facebook awarded him $20,000 after he discovered and reported a Document Object Model-based cross-site scripting vulnerability that could have been exploited to hijack accounts. The researcher says he discovered the vulnerability in the window.