Security News
Our recent articles and videos, all in one place.
Our recent articles and videos, all in one place.
The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18. Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services.
Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.
Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.
A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Like other ransomware families, it encrypts targeted files.
Mobile health app Babylon, which states its company mission as putting "An accessible and affordable health service in the hands of every person on earth", has admitted to a software bug that went one step further than that. The user, named by the BBC as Rory Glover from Leeds in England, apparently used the app to check up on a prescription of his own, only to find that the "Consultation Replays" feature of the app contained a list of 50 videos for him to review.
A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.
Mobile app developers Tommy Mysk and Talal Haj Bakry just published a blog article entitled "TikTok vulnerability enables hackers to show users fake videos". We used a similar approach to Mysk and Haj Bakry to look at the network traffic produced by TikTok - we installed the tPacketCapture app on Android and then ran the TikTok app for a while to flip through a few popular videos.
The bug, which Google describes as a technical issue, was triggered when users requested a Google "Download your data" export. In the notification sent to the impacted users, Google reveals that those who used Takeout to download their data might have ended up with someone else's videos in their Google Photos backups.