A critical bug that has lurked in iPhones and iPads for eight years appears to be under active attack by sophisticated hackers to hack the devices of high-profile targets, a security firm reported on Wednesday. The exploit is triggered by sending booby-trapped emails that, in some cases, require no interaction at all and, in other cases, require only that a user open the message, researchers from ZecOps said in a post. READ MORE...
Hackers working on behalf of the Vietnamese government attempted to break into Chinese organisations heading up the country's coronavirus response, according to infosec outfit FireEye.APT32, a hacking group previously linked to the Vietnamese government, tried to access the personal and professional email addresses of staff at China's Ministry of Emergency Management and the government of Wuhan, where it is believed the pandemic started. READ MORE...
Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers. The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. READ MORE...
Microsoft has warned that cyber criminals are taking advantage of the ongoing coronavirus crisis to trick users into downloading malware onto their devices. In a statement on Twitter, Microsoft Security Intelligence said that hackers are posing as the "Usa Volunteer Organization" and the "Usa Humanitarian Group" and are sending out hundreds of emails offering free COVID-19 medical advice and testing. READ MORE...
Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data. Like other ransomware seen in the past, Maze can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. READ MORE...
A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. That's according to researchers at Radware, who also said that it's notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel bug, which at this time of writing, has still not be addressed in a ZyXel advisory. READ MORE...
Sure, it's for video-gaming - but you should still try to make your Nintendo account as hard as possible to hack. Nintendo Switch owners can buy games online through the official eShop, and a hacker might try to purchase digital currencies for games such as Fortnite through a user's linked PayPal account. Nintendo, like many other companies, offers two-step verification (2SV) - sometimes known as two-factor authentication - to help users protect their online accounts. READ MORE...
For years, researchers and spies have devised ways of getting malware to computers that are "air-gapped," or physically isolated from external network connections. Attacks like Stuxnet, the computer worm deployed against an Iranian nuclear facility a decade ago, shattered the myth that air-gapped systems are impenetrable fortresses. In that case, suspected U.S. and Israeli intelligence operatives crossed an air gap with malware that ultimately sabotaged centrifuges at a uranium enrichment plant. READ MORE...