How China turned a prize-winning iPhone hack against the Uyghurs

Google’s Chrome browser, Microsoft’s Windows operating system, and Apple’s iPhones were all in the crosshairs. But no one was breaking the law. These were just some of the people taking part in Pwn2Own, one of the world’s most prestigious hacking competitions. It was the 10th anniversary for Pwn2Own, a contest that draws elite hackers from around the globe with the lure of big cash prizes if they manage to exploit previously undiscovered software vulnerabilities, known as “zero-days.” Once a flaw is found, the details are handed over to the companies…

Spectre Strikes Back: New Hacking Vulnerability Affecting Billions of Computers Worldwide

Computing experts thought they had developed adequate security patches after the major worldwide Spectre flaw of 2018, but UVA’s discovery shows processors are open to hackers again. In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack. Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted…

Billions of computers at hacking risk: Indian-origin scientist

An Indian-origin researcher has warned that billions of computers and other devices across the globe are vulnerable today owing to a vulnerability named ‘Spectre’ that was first discovered in 2018 but is open to hackers again. Since ‘Spectre’ was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much. However, researchers, led by Ashish Venkat at the University of…

Signal’s hack of surveillance tech used by police could undermine Australian criminal cases

Criminal lawyers could soon begin challenging a tool Australian police routinely rely on to extract messages, photos and other information from mobile phones for investigations after the discovery of security flaws that meant data could be falsified. Last week Moxie Marlinspike, the founder of encrypted messaging app Signal, published a blog post outlining a series of vulnerabilities in Israeli company Cellebrite’s surveillance devices. Marlinspike said the weaknesses make it easy for anyone to plant code on a phone that would take over Cellebrite’s hardware if it was used to scan…

Hackers are attacking the COVID-19 vaccine supply chain

Hackers have targeted companies that distribute the COVID-19 vaccine to a degree previously unreported, according to research from IBM Security. Starting last year, attackers attempted to access sensitive information about the vaccine’s “cold chain” distribution system. IBM Security said the phishing attack targeted 44 companies in 14 countries across Europe, North America, South America and Asia. It is unclear if the hackers were successful in breaching systems. The hacking victims include high-ranking executives at a petrochemical firm, a solar energy manufacturer, several IT companies and a department at the European Commission. …

Cyber-attack hackers threaten to share US police informant data

Washington DC’s Metropolitan Police Department has said its computer network has been breached in a targeted cyber-attack, US media report. A ransomware group called Babuk is reportedly threatening to release sensitive data on police informants if it is not contacted within three days. The FBI is investigating the extent of the breach, US media reported, citing the Washington DC police department. Ransomware is used to scramble computer networks and steal information. Attackers target companies or organisations and can lock their systems, then demand large sums of money in return for…

Hackers publish extensive dossiers on D.C. police officers in extortion attempt

Cybercriminals seeking to extort Washington’s Metropolitan Police Department have published extensive private dossiers of five current and former officers. The files, each of which is around 100 pages long, are marked “Background Investigation Documents” and labeled “confidential,” alongside the department’s seal. They include a vast array of personal information, as well as arrest history, housing and financial records, polygraph results and extensive details about their training and work background. The hackers are one of several known ransomware gangs that hack an organization, then lock its files or threaten to leak…

Security News This Week: Signal’s Founder Hacked a Notorious Phone-Cracking Device

Apple’s spring product launch event was marred by a ransomware attack against one of its suppliers, Quanta Computer. The incident is notable because it involves Apple—and the release of confidential schematics—but also because it represents an intersection of multiple disturbing trends in digital extortion. In other Apple-adjacent hacking news, Facebook researchers found that a Palestine-linked group had built custom malware to attack iOS, hidden inside a functional messaging app. Victims had to visit a third-party app store to install the malicious software, but the hackers used social engineering techniques to…

Hackers attack Apple and demand $50 million ransom, leak design of unreleased MacBook

A Russian hacking group is extorting Apple for a reported sum of $50 million, after obtaining schematics of several of its future products. The group posted proof of the data leak on the dark web hours before Apple’s Spring loaded event earlier this week. Named REvil, the hacking group gained the confidential data through a cyber-attack on one of the manufacturers of MacBooks and other Apple products. The target was a Taiwan-based company called Quanta, which has also confirmed the data leak in a report by Bloomberg. The threat actors…

Lazarus hacking group now hides payloads in BMP image files

The Lazarus group has tweaked its loader obfuscation techniques by abusing image files in a recent phishing campaign. Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea. Known as one of the most prolific and sophisticated APTs out there, Lazarus has been in operation for over a decade and is considered responsible for worldwide attacks including the WannaCry ransomware outbreak, bank thefts, and assaults against cryptocurrency exchanges. South Korean organizations are consistent targets for Lazarus, although the APT has also been traced back to cyberattacks in…