Apple Airtag Bug Enables ‘Good Samaritan’ Attack

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. Continue reading Apple Airtag Bug Enables ‘Good Samaritan’ Attack

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks. Continue reading VMware Flaw a Vector in SolarWinds Breach?

Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know

An investigation has concluded that Jeff Bezos’s smartphone was hacked after receiving a WhatsApp message from Mohammed bin Salman.
Read more about the background behind the story, and what we know so far.
Continue reading Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know

Jeff Bezos’ Phone Allegedly Hacked by Saudi Arabia for Link to Washington Post, Jamal Khashoggi

Saudi Arabia hacked Amazon CEO Jeff Bezos’ phone and stole private information, according to Gavin De Becker, a private investigator working for Bezos. De Becker said the cyberattack is linked to Bezos’ connection to the Washington Post, wh… Continue reading Jeff Bezos’ Phone Allegedly Hacked by Saudi Arabia for Link to Washington Post, Jamal Khashoggi

Chinese hackers stole sensitive U.S. Navy submarine plans from contractor

A Chinese intelligence agency was able to successfully hack into a Navy contractor around February, stealing more than a half terabyte worth of highly sensitive documents about U.S. submarine technology and plans. The hackers, according to the Washington Post, employed by China’s Ministry of State Security (MSS), targeted a Rhode Island-based company that was actively working on a Navy development project known as “Sea Dragon.” The Post reported that the breach was driven by China’s continued mission to challenge the U.S. military’s existing naval superiority, especially as it relates to the hotly contested South China Sea territory. While China has made strides in developing aspects of their navy, the country has lagged in building both anti-submarine technology and a next generation fleet. Based on publicly available information, the Sea Dragon program is part of the Pentagon’s Strategic Capabilities Office. It focuses on building a “cost-effective disruptive offensive capability … by […]

The post Chinese hackers stole sensitive U.S. Navy submarine plans from contractor appeared first on Cyberscoop.

Continue reading Chinese hackers stole sensitive U.S. Navy submarine plans from contractor

High-severity vulnerability found in SecureDrop system

A high severity vulnerability found in SecureDrop, a whistleblower submission system used by newsrooms and advocacy groups, prompted a patch from developers and coordination with dozens of prominent news organizations that use the software to communicate with sensitive sources. The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets. Some SecureDrop users, including the New York Times, are reinstalling the software as part of a general update. Other organizations “decided that the chance of an attack was so remote that they do not believe a reinstall is necessary,” SecureDrop developers explained. The vulnerability has not been spotted in the wild and “would be incredibly difficult to pull off,” according to a bulletin posted on Tuesday afternoon. While stressing the difficulty of exploitation, SecureDrop developers said it’s “likely that only a nation-state actor with network-level access would have the ability to conduct […]

The post High-severity vulnerability found in SecureDrop system appeared first on Cyberscoop.

Continue reading High-severity vulnerability found in SecureDrop system

Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure

The Obama Administration reportedly planted cyber weapons within Russian infrastructure in 2016 to use in response to potential threats made by the Kremlin, according to the Washington Post. Through collaboration with members of the NSA, CIA and U.S. Cyber Command, according to the Washington Post, Obama gave his signature to a covert cyber operation designed “to be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.” The cyber weapons were “the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow,” but the project, including the “time sensitive” weapons, were never fully completed under Obama and the option for potential retaliation now rests with President Donald Trump. The Obama administration publicly announced a set of sanctions in December 2016 aimed at cracking […]

The post Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure appeared first on Cyberscoop.

Continue reading Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure

What Hack? Burlington Electric Speaks Out

Burlington Electric Department general manager Neale Lunderville speaks out about last week’s incident and response to reports the electric grid had been hacked. Continue reading What Hack? Burlington Electric Speaks Out