Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

source: wired.com | image: pexels.com

 

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

 

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” the notification reads.

Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple’s warning.

Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed “LightSpy,” but Apple spokesperson Shane Bauer says this is inaccurate, and researchers at security firm Huntress say the variant Blackberry analyzed was a macOS version, not iOS.

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

source: technewsworld.com | image: pexels.com

 

Brute force cracking of passwords takes longer now than in the past, but the good news is not a cause for celebration, according to the latest annual audit of password cracking times released Tuesday by Hive Systems.

Depending on the length of the password and its composition — the mix of numbers, letters, and special characters — a password can be cracked instantly or take half a dozen eons to decipher.

For example, four-, five-, or six-number-only passwords can be cracked instantly with today’s computers, while an 18-character password consisting of numbers, upper- and lower-case letters, and symbols would take 19 quintillion years to break.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms — like bcrypt — for encrypting passwords in databases. Now, that same 11-character password takes 10 hours to crack.


Apple Sued Over AirTags Privacy: Everything to Know

source: cnet.com  |  image: pexels.com

AirTags digital trackers have raised privacy concerns since the beginning. But now, a lawsuit claims Apple didn’t implement sufficient safeguards.

A class-action lawsuit against Apple alleges the tech giant didn’t sufficiently resolve privacy issues raised by its AirTag digital tracking devices, leading to unwanted stalking and abuse.

The lawsuit, which was filed last year and given court approval to proceed earlier this month, says plaintiffs suffered “substantial” injuries from people who abused Apple’s $29 Bluetooth tracker in ways the company didn’t sufficiently work to address.

Hacker Nation: The World’s Third-Largest Economy

 

source: technewsworld.com  |  image: pexels.com

 

During the past 40 years, hackers have graduated from worm attacks in the 1980s to fully funded organizations tapping into some of the most lucrative industries in the world. Today, cybercrime is a significant threat to any company with a device attached to the internet and continues to cause substantial economic impact worldwide.

The modern-day cyberattack can trace its roots back to the 1988 Morris worm attack. Before the World Wide Web had made an impact, a small program launched from a computer at the Massachusetts Institute of Technology (MIT) propagated remarkably. It infected an estimated 6,000 of the approximately 60,000 computers connected to the internet at the time. Although it was difficult to calculate the exact damage caused by the Morris worm, estimates put it anywhere between US$100,000 and the millions.


How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations makes this alphabet soup palatable—but it also conceals a dangerous security SNAFU.

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.


Fidelity customers’ financial info feared stolen in suspected ransomware attack

 

source: theregister.com (submitted by FAN, Steve Page)  |  image: pixabay.com

 

Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers’ personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys’ IT systems in the fall.

According to Fidelity, in documents filed with the Maine attorney general’s office, miscreants “likely acquired” information about 28,268 people’s life insurance policies after infiltrating Infosys.

“At this point, [Infosys] are unable to determine with certainty what personal information was accessed as a result of this incident,” the insurer noted in a letter [PDF] sent to customers. However, the US-headquartered firm says it “believes” the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.

In other words: Potentially everything needed to drain a ton of people’s bank accounts, pull off any number of identity theft-related scams — or at least go on a massive online shopping spree.

LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the “cybersecurity incident” affecting its US subsidiary, Infosys McCamish Systems aka IMS. It reported that the intrusion shuttered some of its applications and IT systems [PDF].

This was before law enforcement shut down at least some of LockBit’s infrastructure in December, although that’s never a guarantee that the gang will slink off into obscurity — as we’ve already seen.

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

source: wired.com  |  image: pexels.com

 

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that impacted thousands of organizations that downloaded a compromised software update, and led to the compromise of around 100 organizations, including major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Communication devices found on Chinese-made cranes in US ports

 

source: newsnationnow.com (contributed by FAN, Steve Page)  | image: pixabay.com

 

A congressional investigation into Chinese-built cargo cranes at U.S. ports has uncovered concerns about potential national security risks.

According to a report from The Wall Street Journal, some of the cranes were found to contain communications equipment, including cellular modems, that could be accessed remotely.

Lawmakers worry about the threat of espionage and disruption posed by these cranes, which are predominantly manufactured by ZPMC, a Chinese company.


What to know about China’s cyber threats?

source: axios.com, contributed by FAN, Bill Amshey  |  image: pixabay.com

 

China has become the top hacking threat in 2024 with a recent series of attacks targeting critical U.S. infrastructure.

Why it matters: It’s rare for public officials to share as many details as they have in recent weeks about ongoing cyber threats — underscoring just how concerned the Biden administration is about a Beijing-backed cyberattack.

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI released an advisory Wednesday detailing how the Volt Typhoon hacking group is infiltrating the U.S.

The advisory presented a stark picture of the “persistent” threat, with China having access to some infrastructure for “at least five years.”

  • Typical malware detection tools can’t detect these hackers’ movements.
  • And in some cases, Volt Typhoon had enough access to tamper with basic essential services, like water and energy controls.

The big picture: This is just the latest example of Chinese hackers targeting not only U.S. infrastructure, but also American businesses in the last year.

  • But keeping tabs on everything going on — or even recalling what all has happened — has become a daunting task.


China had “persistent” access to U.S. critical infrastructure

source: https://www.axios.com, contributed by FAN, Steve Page  |  image: pexels.com

 

China-backed hackers have had access to some major U.S. critical infrastructure for “at least five years,” according to an intelligence advisory released Wednesday.

Why it matters: The hacking campaign laid out in the report marks a sharp escalation in China’s willingness to seize U.S. infrastructure — going beyond the typical effort to steal state secrets.

  • The advisory provides the fullest picture to date of how a key China hacking group has gained and maintained access to some U.S. critical infrastructure.

Details: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation released an advisory Wednesday to warn critical infrastructure operators about China’s ongoing hacking interests.
