minute read
Share this article:
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.
In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1.
The researcher, Qixun Zhao, dubbed the exploit Chaos, for good reason. As this proof-of-concept video allegedly shows, a successful exploit would allow a remote attacker to jailbreak an iPhoneX, with the targeted user none the wiser, allowing the intruder to gain access to a victim’s data, processing power and more. It worked as a drive-by malware download, only requiring that the iPhone user visit a web page containing Qixun’s malicious code.
minute read
Share this article:
NY’s AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old’s fake identities.
Broadband providers and a 19-year-old college student were among those who successfully hijacked public comments during a crucial decision-making process in 2017 to overturn net neutrality by flooding the Federal Communications Commission (FCC) with fraudulent comments indicating their position on the move, according to a new report.
A secret campaign by the broadband industry to offer support to roll back net neutrality resulted in fake comments comprising more than 40 percent of those sent to the FCC during the public comments phase of its decision, according to the report by the New York State Office of the Attorney General.
minute read
Share this article:
The student opted for “free” software packed with a keylogger that grabbed credentials later used by “Totoro” to get into a biomolecular institute.
A European biomolecular research institute involved in COVID-19 research lost a week’s worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software.
Security researchers at Sophos described the attack in a report published on Thursday, after the security firm’s Rapid Response team was called in to mop up the mess.
Hey, everybody makes mistakes, the researchers said. That frugal student made a few of them. But the student’s goof-ups advanced to a full-fledged ransomware attack because there weren’t security measures in place to stop those missteps from happening, the researchers said.
minute read
Share this article:
The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom.
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution (RCE) on corporate networks or steal information.
The networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.
Separately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls.
That’s according to Check Point Research, which said that the bug (CVE-2020-11292) exists in the Qualcomm Mobile Station Modem (MSM) Interface, which is known as QMI for short. MSMs are systems on chips (SoCs) designed by Qualcomm, and QMI is a proprietary protocol used to communicate between software components in the modem and other peripheral subsystems.