Security News

Roaring trade in zero-days means more vulns are falling into the hands of state spies, warn security researchers
2020-04-06 18:15

"Furthermore, we noted a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber capabilities," said FireEye, which went on to refer to a group of malicious persons variously named by researchers as Stealth Falcon and FruityArmor [sic]. This group "Used malware sold by NSO Group", said FireEye, which speculated that it might also be linked to Uzbekistani state spying operations: "The zero-days used in SandCat operations were also used in Stealth Falcon operations, and it is unlikely that these distinct activity sets independently discovered the same three zero-days."

Keys Used to Encrypt Zoom Meetings Sent to China: Researchers
2020-04-03 15:41

A recent analysis of the Zoom video conferencing application revealed that the keys used to encrypt and decrypt meetings may be sent to servers in China, even if all participants are located in other countries. "A scan shows a total of five servers in China and 68 in the United States that apparently run the same Zoom server software as the Beijing server. We suspect that keys may be distributed through these servers. A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China," Citizen Lab explained in a report published on Friday.

Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities
2020-04-03 13:59

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.

Researchers Discover Hidden Behavior in Thousands of Android Apps
2020-04-03 12:58

Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. Set to discover such behaviors, researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security came up with a tool that can detect "the execution context of user input validation and also the content involved in the validation," thus finding any secrets of interest.

‘Zombie’ Windows win32k bug reanimated by researcher
2020-04-03 10:29

In a rare find, a researcher has unveiled dozens of related bugs in a core Windows API that could enable attackers to elevate their privileges in the operating system. The bugs take advantage of a long-understood problem with win32k, which is the user interface kernel component in Windows.

Researcher Finds New Class of Windows Vulnerabilities
2020-04-02 19:35

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges. The researcher tested the flaws on a guest account on the latest Windows Insider Preview, which was updated last in September 2019.

Researchers develop a way to quickly purge old network data
2020-04-01 03:30

"Whether in the IoT or on social networks, there are many circumstances where old information is circulating and could cause problems - whether it's old security data or a misleading rumor," says Wenye Wang, co-author of a paper on the work and a professor of electrical and computer engineering at NC State. "Ultimately, our work can be used to determine the best places to inject new data into a network so that the old data can be eliminated faster," says Jie Wang, a postdoctoral researcher at NC State and first author of the paper.

Researchers speed the death of ‘bad’ data in the race against good
2020-03-31 10:42

Researchers say yes: Good data can beat bad data in the race to spread. In a paper published on Friday, researchers from North Carolina State University and the Army Research Office have demonstrated a new model of how competing pieces of information spread in online social networks and the Internet of Things. "Ultimately, our work can be used to determine the best places to inject new data into a network so that the old data can be eliminated faster."

Researchers find shift in monthly web traffic amidst pandemic
2020-03-31 03:30

The report revealed increased spikes in attacks against government and law sectors as the United States launched its Democratic primaries, and early signs of change in industry traffic and attack trends due to COVID-19. During the month of February, Imperva began monitoring how and if the cross-border spread of COVID-19 started to affect traffic and attack trends across multiple industries and countries.

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.