Apple Releases Urgent Patch Following Discovery of Pegasus Spyware
This week, Apple released an urgent update that mitigates a critical vulnerability exploited by the Pegasus mobile software. The flaw, which is tracked as CVE-2021-30860, was first discovered by security researchers at the University of Toronto’s Citizen Lab when analyzing the iPhone of a Saudi activist who had been targeted
iPhone Hack Allegedly Used to Spy on China’s Uyghurs
US intelligence has stated that the Chaos iPhone flaw that allows for remote takeover was leveraged by China against the minority ethnic group, the Uyghurs, before Apple patched the issue. A Chinese security researcher working at the antivirus company Qihoo 360 allegedly found the complex exploit in 2019, dubbing it
Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Cybercriminals are leveraging zero-day vulnerabilities in Microsoft Exchange servers, dropping cryptocurrency mining malware as part of a campaign that seeks to secretly steal the processing power of compromised systems. The campaign is targeted towards financial gain and is currently ongoing, according to advisories published by several US agencies, including warnings
Attackers exploit 0-day code-execution flaw in the Sophos firewall
Sophos systems have been hit by a zero-day attack that was designed to steal usernames, as well as cryptographically protected passwords, and other sensitive data. The security firm stated that it was attacked through an exploited SQL injection flaw in patched versions of the Sophos XG Firewall on Sunday. The
RCE Exploit Released for IBM Data Risk Manager, No Patch Available
IBM has not yet patched four serious security vulnerabilities that lie in the IBM Data Risk Manager (IDRM). The vulnerabilities can lead to unauthenticated remote code execution (RCE), according to an analysis from Agile Information Security. A proof-of-concept exploit is also available for version 2.0.3. IDRM serves as a software
New iOS exploit discovered being used to spy on China’s Uyghur minority
Yesterday, a security firm stated that it discovered a new iOS exploit, named Insomnia, that works against iOS 12.3, 12.3.1, and 12.3.2. The security firm, Volexity, also stated that it believes the exploit was used to spy on the oppressed Uyghur minority population in China. Apple patched this vulnerability behind
This Map Shows the Global Spread of Zero-Day Hacking Techniques
Zero-day exploits are being tracked by a global map developed by FireEye, and yesterday the company released an analysis of how these critical vulnerabilities have been exploited worldwide over the past seven years. The publication includes research from Google Project Zero’s database of active zero days. FireEye exposes what countries
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an
Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
APT41, a Chinese threat group that is responsible for dozens of destructive cyberattacks, has been exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of a new espionage campaign. However, researchers have not yet determined if the campaign is targeting specific organizations or what these
Critical Zoho Zero-Day Flaw Disclosed
The IT help desk ManageEngine software made by Zoho Corp has been compromised by a zero-day vulnerability that enables unauthenticated access to systems, allowing a remote attacker to launch attacks. Zoho has since released an update that addresses the vulnerability after it was discovered by Steven Seeley of Source Incite