Collaborate Disseminate
Remember the FaceTime bug that allowed a caller to eavesdrop on your phone? Researchers just discovered another – this time in Signal. Continue reading Signal immediately fixed FaceTime-style eavesdropping bug
A bunch of fairly recent Android phones suffer from a nasty zero-day vulnerability. The flaw is currently being exploited, but by whom?
The post Android Zero-Day Panic as Ancient Linux Flaw Forgotten appeared first on Security Boulevard.
Continue reading Android Zero-Day Panic as Ancient Linux Flaw Forgotten
Android smartphones are vulnerable to a zero-day exploit that Google thought it had patched for good two years ago. Continue reading Android devices hit by zero-day exploit Google thought it had patched
Flaw impacts 18 Android models including Google’s flagship Pixel handset as well as phones made by Samsung, Huawei and Xiaomi. Continue reading Google Warns of Android Zero-Day Bug Under Active Attack
Hackers aimed to infect mobile phones belonging to senior members of Tibetan groups, including people who worked directly for the Dalai Lama, as well as lawmakers in Tibet’s parliament, according to new findings from a team of researchers at the University of Toronto. The digital rights group Citizen Lab on Tuesday detailed an apparent cyber-espionage effort which involved attackers posing as journalists, Amnesty International researchers, nongovernmental organization workers and other faked identities to send malicious links in a WhatsApp conversation. Researchers observed the campaign, dubbed Poison Carp, between November 2018 and May 2019. Hackers relied on eight Android browser vulnerabilities, Android spyware, a single iOS exploit chain (a combination of malicious actions allowing hackers to achieve a goal) and iOS spyware. None of the attacks utilized zero-day exploits, the name given to hacking tools that take advantage of never-disclosed vulnerabilities. None of the intrusion attempts detected here were successful, but at […]
The post A cyber-espionage effort against Tibetan leaders leveraged known Android, iOS vulnerabilities appeared first on CyberScoop.
The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords. Continue reading LastPass Fixes Bug That Leaks Credentials
Apple doesn’t like what Google has been saying about Apple. The iPhone-maker released a surprise statement on Friday refuting assertions from Google’s Project Zero researchers, who last week revealed how hackers had exploited five chains of iOS vulnerabilities to spy on “thousands” of users. The high-profile report by Google did not identify the victims, but claimed those targeted were vulnerable for years if they simply visited an infected website. In its response, Apple described the attack as “narrowly focused,” rather than the kind of “en masse” targeting described by the Project Zero researchers. Apple confirmed that the hacking activity was aimed at the Uighur community, a Muslim population under mass surveillance by the Chinese government, and said the campaign involved fewer than a dozen websites. Apple said the attacks were “only operational” for two months, rather than two years. The statement takes issue with the scope and volume of Google’s findings, but does […]
The post ‘Indiscriminate’ iOS hacking was relatively limited, Apple says. Try telling that to the Uighur population. appeared first on CyberScoop.
Google’s Project Zero is back, with some worrying criticisms of Apple’s software-engineering chops. The conclusions will surprise you.
The post Apple is Bad at Software, says Google appeared first on Security Boulevard.
Continue reading Apple is Bad at Software, says Google
Compromised iPhones were turned into surveillance tools capable of recording the owner’s entire digital life. Continue reading Sophisticated iPhone hacking went unnoticed for over two years
Researchers from Google on Thursday announced the discovery of a hacking campaign in which attackers spent two years using breached websites to try to siphon information off thousands of iPhones, a blockbuster announcement that upends traditional narratives around Apple device security. Google’s Project Zero detailed the malicious activity with five so-called exploit chains, which demonstrate how hackers linked together Apple vulnerabilities to infiltrate Apple’s protections. By directing iPhone connections to specific web pages, hackers proved capable of accessing a device’s kernel and other key functionality, access they could abuse to secretly install malicious apps, monitor a user’s location, or take other action, Google said. The vulnerabilities affect iOS versions 10 through iOS 12.4. The vulnerabilities were patched in the latest update, iOS 12.4.1. Google’s research team discovered a total of 14 vulnerabilities, including seven for the Safari browser, five for the kernel and another two sandbox escapes (exploits that enable […]
The post Google’s Project Zero details ‘indiscriminate’ hacking campaign against thousands of iPhones appeared first on CyberScoop.