A New Ransomware Targeting Apple macOS Users Through Pirated Apps

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed “EvilQuest” — is packaged along with legitimate apps, which upon installation, disguises itself as Apple’s CrashReporter or Google Software Update. Besides encrypting the victim’s files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files. With this development, EvilQuest joins a handful…

Read More

53 Different Apps Including TikTok Spy On iPhone/iPad

Apple has always boasted privacy and security in favour of its users. Nonetheless, the snoopers never miss a chance to intrude on iOS users’ privacy in one or another. Recently, researchers found some popular apps doing just that. As revealed, they identified around 53 different iOS apps, including TikTok, that spy on iPhone and iPad users by accessing their device clipboard. TikTok, Other Apps Spy On iPhone iPads Clipboard Researchers Tommy Mysk and Talal Haj Bakry have shared details about numerous apps spying on iPhone, iPad users. Specifically, they identified…

Read More

Anonymous Hackers Target TikTok: ‘Delete This Chinese Spyware Now’

This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it. The ByteDance-owned platform was under fire anyway, over allegations of data mishandling and censorship, but then a beta version of Apple’s iOS 14 caught the app secretly accessing users’ clipboards and a backlash immediately followed. Whether India had always planned to announce its ban on TikTok, along with 58 other Chinese apps, on Monday June 30, or was prompted by the viral response to the iOS security issue…

Read More

Sony Announce Bug Bounty Program For PlayStation

Sony have recently launched their bug bounty program for PlayStation. Security researchers and bug bounty hunters can now report any bugs affecting PlayStation-related devices expecting great rewards. PlayStation Bug Bounty Program Reportedly, Sony has recently introduced a dedicated bug bounty program covering PlayStation related devices. The program launched on HackerOne – the popular bug bounty platform – will cover vulnerabilities affecting PlayStation 4 console, operating system, and related accessories, as well as the PlayStation Network. However, any bugs in PlayStation 1, 2, and 3 are out of the scope of…

Read More

The Art of Shoulder Surfing

Shoulder Surfing – Another method social engineers use to gain access to information is shoulder surfing. A shoulder surfer is skilled at reading what users enter on their keyboards, especially logon names and passwords. This skill certainly takes practice, but with enough time, it can be mastered easily. Shoulder surfers also use this skill to read PINs entered at ATMs or to detect long distance authorization codes that callers dial. Shoulder Surfing – ATM theft is much easier than computer shoulder surfing because a keypad has fewer characters to memorize…

Read More

Facebook Removes Trump’s Political Ad Campaign For Violating Policies

In a first direct action against US President Donald Trump, Facebook on Friday removed a Trump campaign ad featuring a symbol used by Nazis for political dissenters, saying the ad violated its policies. The ad with an upside-down red triangle symbol was posted under accounts for Donald Trump, VP Mike Pence and the Trump Campaign, reports Axios. “Our policy prohibits using a banned hate group’s symbol to identify political prisoners without the context that condemns or discusses the symbol,” a Facebook spokesman was quoted as saying. This is the first…

Read More

Jio Fiber Launch Sony Liv, Prime, And Other Online Content

Jio Fiber users can now avail Zee5 Premium subscription for free. The new development comes just days after Jio Fiber subscribers received free one-year access to Amazon Prime service. Users just need to open the Zee5 app on their Jio set-top box to log in as a Zee5 Premium subscriber. The video streaming service is touted to have a library of over 4,500 movies and over 120 originals. It also offers content in across 12 languages. In addition to free access through the Jio set-top box, Zee5 will soon be…

Read More

InvisiMole Hackers Target High-Profile Military and Diplomatic Entities

Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into the high-profile military and diplomatic entities in Eastern Europe for espionage. The findings are part of a collaborative analysis by cybersecurity firm ESET and the impacted firms, resulting in an extensive look into InvisiMole’s operations and the group’s tactics, tools, and procedures (TTPs). “ESET researchers conducted an investigation of these attacks in cooperation with the affected organizations and were able to uncover the extensive, sophisticated tool-sets used for delivery, lateral movement, and execution of InvisiMole’s…

Read More

New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week. “This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America.” Called the GPRS Tunnelling…

Read More

Microsoft Patch

Microsoft has rolled out one of the biggest security updates this month. For June, the Patch Tuesday update bundle includes a whopping 129 security fixes by Microsoft, including some critical bugs. Critical Security Fixes In June With Patch Tuesday June updates, Microsoft has issued security fixes for 11 different critical bugs. All of these vulnerabilities, when exploited, could lead to remote code execution. One of these bugs, CVE-2020-1299, existed in the way Microsoft Windows processed .LNK files. This is the third RCE flaw related to .LNK file processing addressed this…

Read More