Hackers Increasingly Use SIM-Swapping to Hijack Accounts

Last week, hackers took over the Twitter account of that company’s chief executive Jack Dorsey, using SIM-swapping, a technique that lets hackers access social media, email, financial accounts and other sensitive data. SIM-swapping, by which hackers take over the target’s phone, is being used to steal money and take over the “online personae” of celebrities, politicians and other notable people. In response, Twitter temporarily turned off the feature that allows users to send tweets via text message. Continue reading Hackers Increasingly Use SIM-Swapping to Hijack Accounts

DARPA Attempts to Stop Automated Disinformation Attacks

The Defense Advanced Research Projects Agency (DARPA) published a concept document for the Semantic Forensics (SemaFor) program, aimed at stopping “large-scale, automated disinformation attacks,” by detecting fakes among thousands of audio clips, photos, stories and video. As the 2020 Presidential election approaches, U.S. officials are working to prevent hackers from spreading disinformation on social platforms, but Senate majority leader Mitch McConnell won’t consider any election security laws. Continue reading DARPA Attempts to Stop Automated Disinformation Attacks

2017 Data Breach Likely to Cost Equifax Up to $700 Million

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed. Continue reading 2017 Data Breach Likely to Cost Equifax Up to $700 Million

Researchers Identify Bugs in Microsoft Excel, Apple macOS

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS

Cybersecurity Report Finds Extensive Flaws in Huawei Gear

Ohio-based cybersecurity firm Finite State released a report that documents flaws in Huawei Technologies’ equipment that can be used by hackers. According to the report, these flaws are much more extensive than those found in similar gear from rival companies. The report does not, however, accuse the company of incorporating these flaws deliberately and does not comment on U.S. claims that the Chinese company uses such flaws to conduct espionage. The flaws were found in firmware, which enables a computer’s hardware. Continue reading Cybersecurity Report Finds Extensive Flaws in Huawei Gear

Report: Suspected Chinese Hackers Target Global Telecoms

Hackers likely associated with the Chinese government broke into at least 10 global telecom carriers, stealing call logs, users’ locations and text-messaging records, according to a report from Boston-based Cybereason. The cybersecurity firm spent 2018 scrutinizing a multi-year, ongoing campaign, suspected to be directed by China and aimed at 20 military officials, spies, law enforcement and dissidents in Africa, Asia, Europe and the Middle East. Cybereason believes the recent hacks point to Chinese group APT10. Continue reading Report: Suspected Chinese Hackers Target Global Telecoms

Apple’s 2020 iPhones to Introduce 5G and Design Updates

Industry insider Ming-Chi Kuo reported that Apple plans to introduce some significant changes in its 2020 iPhones, including 5G connectivity and design upgrades. But owners of iPhones and other iOS devices are likely concerned about the recent news that every one of the world’s current 1.4 billion iPhones and iPads can be hacked. Israel-based Cellebrite demonstrated that it can perform a “full file extraction” on any iOS device, as well as on high-end Android devices. Further, law enforcement can pay for that ability without having to send devices to Cellebrite. Continue reading Apple’s 2020 iPhones to Introduce 5G and Design Updates

Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

The nonprofit Cyber Threat Alliance (CTA) has organized its members, which includes some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats, to alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of the competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns. Continue reading Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

Microsoft Warns Windows Bug May Be Abused by Hackers

Facebook, Intel and Microsoft announced bugs in their software this week. Facebook patched WhatsApp to prevent hackers from using it to install spyware on mobile phones. Intel described its efforts to fix a problem with its chipsets that allow attackers to access private data. Now Microsoft warned that it just patched a bug similar to the WannaCry ransomware crypto-worm that attacked computers around the globe in 2017. The company said that, to its knowledge, no one yet had exploited the Windows vulnerability. Continue reading Microsoft Warns Windows Bug May Be Abused by Hackers

Intel, Researchers Team to Address Security Flaws in Chips

Intel and micro-architecture security researchers discovered new vulnerabilities in the company’s chipsets that allow hackers to “eavesdrop” on all processed raw data. Four attacks showed similar techniques, which Intel dubbed Microarchitectural Data Sampling (MDS) and the researchers have named ZombieLoad, Fallout and Rogue In-Flight Data Load (RIDL). The discovery comes more than a year after Intel and AMD identified Meltdown and Spectre, two major security flaws. AMD and ARM chips are not vulnerable to these new attacks. Continue reading Intel, Researchers Team to Address Security Flaws in Chips

WhatsApp Calls Used to Inject Spyware on Mobile Phones

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability. Continue reading WhatsApp Calls Used to Inject Spyware on Mobile Phones

Congress Introduces IoT Bill to Protect Connected Devices

Congress introduced the Internet of Things Cybersecurity Improvement Act yesterday, in an effort to position legislative power behind securing connected devices. Defense Intelligence Agency director Lieutenant General Robert Ashley told lawmakers last year that IoT devices are considered one of the “most important emerging cyberthreats” to national security. Without a national standard for IoT security, we need to rely on steps taken by individual companies. The legislation, which was first introduced in 2017, would require security standards for IoT devices used by the federal government. Continue reading Congress Introduces IoT Bill to Protect Connected Devices

Trump Pushes for Speedy Adoption of 6G Networks in U.S.

President Trump tweeted his desire to see 6G in the U.S. “as soon as possible,” even as the advent of 5G has yet to make much of a dent. Although what motivated these tweets is unclear, some believe it is related to Trump’s concerns that Huawei and other Chinese companies will surpass the U.S. with 5G-network penetration. Last year, some sources reported that the U.S. government considered building a national 5G service to head off Chinese competition, although if this plan did exist, it was quickly abandoned. Continue reading Trump Pushes for Speedy Adoption of 6G Networks in U.S.

Chinese, Iranian, Russian Hackers Honing Their Attack Skills

The National Security Agency and security firm FireEye recently detected extensive attacks by Iran on U.S. banks, businesses and government agencies, prompting the Department of Homeland Security to declare an emergency during the government shutdown. The attacks from Iran took place at the same time that China renewed its efforts to steal trade and military secrets, from Boeing, General Electric Aviation and T-Mobile. Meanwhile, Microsoft detected a Russian government operation targeting think tanks critical of Russia. Continue reading Chinese, Iranian, Russian Hackers Honing Their Attack Skills

Experts Question Apple’s Security in Light of FaceTime Bug

News site 9to5Mac reported that Apple’s FaceTime app, which places audio/video calls over the Internet, had a significant bug: an iPhone user could call another iPhone user and eavesdrop on that person’s conversation through the phone’s microphone — even if the call recipient doesn’t answer the call. The bug was actually discovered a full week before Apple disabled Group FaceTime and stated that it was working to fix it. In that gap, a developer discovered the bug, which was reported in 9to5Mac. Security researchers have dubbed the glitch FacePalm. Continue reading Experts Question Apple’s Security in Light of FaceTime Bug

Page 1 of 812345678