SecurityWeek
Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker
Ron Reiter was a childhood hacker in Israel and recruited into the IDF’s Unit 8200. Now he is CTO and co-founder of cybersecurity firm Sentra.
%20(1).webp)
Cyber Security News
Apple iTunes For Windows Flaw Let Attackers Execute Malicious Code
A new arbitrary code execution vulnerability has been discovered in iTunes that could allow a threat actor to perform malicious activities
The Cyber Express
TCE Cyberwatch: A Look at This Week’s Top Cybersecurity Incidents
The digital landscape continues to be a battleground, with cyber threats evolving and attackers targeting an ever-wider range of victims.
CyberNews
Trust Wallet warns iOS users of zero-day exploit
Trust Wallet warned Apple iPhone owners of a possible zero-day vulnerability.
The Cyber Express
Trust Wallet Urges Caution for Apple Users Amid Reports of Apple iMessage Zero-Day Exploit
Trust Wallet, a leading provider of crypto wallets, has issued an advisory to Apple users regarding potential iMessage vulnerability. The
The Cyber Express
Apple’s Response to Rising Threats with ‘Mercenary Spyware Attacks’ Alert
Apple issued notifications to users in 92 countries on April 11, alerting them of possible mercenary spyware attacks. However, with
Bleeping Computer
Apple: Mercenary spyware attacks target iPhone users in 92 countries
Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device.
The Record
Apple notifies users in 92 countries about mercenary spyware attacks
Apple also updated its support page, explaining how the threat notifications work and what targeted users should do if they receive one.
Cyber Security News
$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day
This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and
Security Affairs
Crowdfense is offering a larger $30M exploit acquisition program
Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program.
SecurityWeek
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!
Quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.
Cyber Security News
Phishing-as-a-Service Platform Launched 20,000 Phishing Domains To Attack 100+ Countries
This sophisticated service enables cybercriminals to launch phishing campaigns across over 20,000 domains.
DarkReading
Cyber Threats Intensify in Middle East During Ramadan
How security teams in the region fortify their defenses amid short-staffing — and increased DDoS, phishing, and ransomware campaigns — during the Muslim holy month.
SecurityWeek
In Other News: Airline Privacy Review, SEC's SolarWinds Hack Probe, Apple MFA Bombing
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
HACKRead
New iMessage Phishing Campaign Targets Postal Service Users Globally
Some of the known targets of this iMessage phishing campaign are USPS, DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post.
DarkReading
Suspected MFA Bombing Attacks Target Apple iPhone Users
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
The Hacker News
Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection
Beware of Darcula, a Phishing-as-a-Service platform targeting 100+ countries with over 20,000 fake domains.
.webp)
Cyber Security News
iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage
A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform.
SC Magazine
'Darcula’ phishing platform targets postal organizations worldwide
Netcraft researchers say the Chinese-language PhaaS platform targeted postal organization in more than 100 countries, including USPS.
Bleeping Computer
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
DarkReading
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide
Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post. Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and more.
The Hacker News
U.S. Justice Department Sues Apple Over Monopoly and Messaging Security
U.S. Department of Justice and 16 state AGs have filed a lawsuit against Apple, accusing it of maintaining an illegal smartphone monopoly.
Bleeping Computer
Tuta Mail adds new quantum-resistant encryption to protect email
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks.
SecurityWeek
Quantum Attack Protection Added to HP Business PCs
An upgraded ESC security chip makes the firmware of several HP business PCs resilient to quantum computer attacks.
CyberNews
Russia claims of US cyber offense surface on X
Russian cybersecurity firms have allegedly designated a US government offensive cyber group with its very own codename, Sand Eagle.
SC Magazine
Apple’s 17.4 emergency update patches two iPhone zero-days
Security pros say the zero-days are serious because nation-states tend to exploit flaws to launch spyware attacks on high-risk individuals.
DarkReading
CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok
Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike.
Latest Hacking News
Apple iMessage Adds Quantum Resistance To Its Encryption With PQ3 Protocol
Apple announced a significant security upgrade to its existing encryption – PQ3 protocol – ensuring users a safer communication with quantum resistance. Apple iMessage Adds Quantum Resistance The Cupertino giant Apple has now planned to enhance its
DarkReading
Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom
Apple's PQ3 for securing iMessage and Signal's PQXH show how organizations are preparing for a future in which encryption protocols must be exponentially harder to crack.
Security Affairs
Apple created post-quantum cryptographic protocol PQ3
Apple announced the implementation of a post-quantum cryptographic protocol called PQ3 will be integrated into iMessage.
Bleeping Computer
Apple adds PQ3 quantum-resistant encryption to iMessage
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks.
DarkReading
Apple Beefs Up iMessage With Quantum-Resistant Encryption
The revamped iMessage app uses Apple's new PQ3 post-quantum cryptographic protocol, which its engineers say will make it the most secure messaging app — but Signal's president begs to differ.
The Hacker News
Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage
Apple's iMessage is getting a major security boost with PQ3, the 'strongest' post-quantum encryption yet
Cyber Security News
Apple Adds PQ3 post-quantum Encryption for iMessage
Apple has released its new PQ3 (post-quantum) cryptographic protocol, claimed to be the first-ever messaging protocol to reach Level 3 security.
Ars Technica
iMessage gets a major makeover that puts it on equal footing with Signal
How Kybers and ratcheting are boosting the resiliency of Apple's messaging app.
PCMag
Apple Ramps Up iMessage Security to Fight Looming Quantum Computing Threat
Apple is launching its latest iMessage security protocol, PQ3, with its next OS updates for all Apple products that use the end-to-end encrypted messaging app.
SecurityWeek
Apple Adds Post-Quantum Encryption to iMessage
Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum attacks
Computerworld
Apple’s iMessage gains industry-leading quantum security
Apple, already preparing for the next generation of threats, is introducing upgraded encryption to protect iMessage against future attacks using quantum computers.
Computerworld
Apple’s iMessage gains industry-leading quantum security
Apple, already preparing for the next generation of threats, is introducing upgraded encryption to protect iMessage against future attacks using quantum computers.
SC Magazine
Apple upgrades iMessage encryption with post-quantum cryptography
The feature will roll out publicly with iOS 17.4 in March and is already available in beta.
PCMag
Apple Slams 'Unprecedented Overreach' of Proposed Update to UK Privacy Laws
A revision to the Investigatory Powers Act (IPA) could allow officials to quietly stop a company like Apple from rolling out certain features.
The Hacker News
Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations
Italy's data watchdog accuses ChatGPT of violating EU privacy laws by collecting sensitive data and exposing children to inappropriate content.
HACKRead
Kaspersky's iShutdown Tool Detects Pegasus Spyware and Other Mawlare on iOS Devices
The iShutdown tool has been launched a few weeks after Kaspersky cybersecurity researchers revealed significant insights into Operation Triangulation. This investigation delves into how spyware threats compromise iPhones.
Infosecurity News
New Tool Identifies Pegasus and Other iOS Spyware
Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information
SecurityWeek
Apple Patches Keystroke Injection Vulnerability in Magic Keyboard
Apple’s latest Magic Keyboard firmware addresses a recently disclosed Bluetooth keyboard injection vulnerability.
The Hacker News
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack
CISA adds six new flaws to its KEV catalog, highlighting urgent need for network security upgrades!
Bleeping Computer
CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
Bleeping Computer
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
DarkReading
‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections
The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.
HACKRead
iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers
The findings came as part of Operation Triangulation, months after Kaspersky discovered that their employees’ iPhones had been hacked by spyware.
Security Affairs
Operation Triangulation attacks relied on an undocumented hardware feature
Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature.
HACKRead
Apple's iPhone Hack Attack Warnings Spark Political Firestorm in India
Apple warned Indian opposition figures and journalists of possible state-backed hacking last year, causing tension with the government questioning the claims and pressuring Apple to soften them.
CyberNews
Amnesty supports Apple warnings about Indian government and Pegasus spyware
Amnesty International has confirmed what Apple had already warned about – that the government of India is using Pegasus spyware to target journalists and the opposition.
The Hacker News
Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature
Kaspersky discovers the "most sophisticated attack chain" targeting Apple iOS devices.
SecurityWeek
Mysterious Apple SoC Feature Exploited to Hack Kaspersky Employee iPhones
iOS zero-click attack targeting Kaspersky iPhones bypassed hardware-based security protections to take over devices.
Ars Technica
4-year campaign backdoored iPhones using possibly the most advanced exploit ever
"Triangulation" infected dozens of iPhones belonging to employees of Moscow-based Kaspersky.
Bleeping Computer
iPhone Triangulation attack abused undocumented hardware feature
The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.
The Hacker News
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave
Chinese-speaking threat actors, known as the Smishing Triad, are posing as UAE authorities to gather sensitive information via malicious SMS messages.
The Record
Cybercriminals target UAE residents, visitors in new info-stealing campaign
A group of hackers in recent months has attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign, according to new research.
Infosecurity News
Smishing Triad Targets UAE Residents in Identity Theft Campaign
The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies
Security Affairs
Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for Identity and citizenship ahead of the Holiday Season
SecurityWeek
Apple Testing New Stolen Device Protection Feature for iPhones
Apple is testing a new security feature that should limit what iPhone thieves can do with a stolen phone, even if they have the passcode.
SecurityWeek
Apple Sets Trap to Catch iMessage Impersonators
Apple’s latest iOS and macOS platform refresh has been fitted with a new feature to catch impersonators on its iMessage service.
The Hacker News
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.
SecurityWeek
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption
A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.
SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
Computerworld
What is Contact Key Verification and how is it used?
Apple’s iMessage will soon offer a new secure identity verification system enterprise professionals might want to use: Contact Key Verification.
Ars Technica
No Bing, no Edge, no upselling: De-crufted Windows 11 coming to Europe soon
Some changes will arrive for non-EU users, too, but not the easy removals.
SecurityWeek
Apple Improves iMessage Security With Contact Key Verification
New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity.
Infosecurity News
Operation Triangulation iOS Attack Details Revealed
Kaspersky said the attack exploited five vulnerabilities, four of which were unknown zero-days
Cyber Security News
Hackers Launch a Chain of Exploits Via Malicious iMessage Attachments
TriangleDB", this malware infection chain consists of a malicious iMessage attachment which launches a chain of exploits on affected devices.
SecurityWeek
Stealth Techniques Used in 'Operation Triangulation' iOS Attack Dissected
Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
Bleeping Computer
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
The Hacker News
Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to targets victims with a backdoor implant called "TriangleDB
SecurityWeek
Signal Pours Cold Water on Zero-Day Exploit Rumors
Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app.
The Hacker News
Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence
🔒 Signal refutes viral reports of a zero-day flaw in its encrypted messaging app. Extensive investigation found no evidence to support the claim.
SecurityWeek
Researcher Conversations: Natalie Silvanovich From Google's Project Zero
SecurityWeek interview with Natalie Silvanovich, a member of Project Zero – an elite group of researchers employed by Google.
The Hacker News
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
Libwebp image library under attack! A new CVE-2023-5129 has emerged, scoring a maximum 10.0 on CVSS. Get the details now
Bleeping Computer
Google assigns new maximum rated CVE to libwebp bug exploited in attacks
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.
The Hacker News
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
🚨 Attention users! Apple issues patches for 3 new critical zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari.
Cyber Security News
NSO’s Pegasus Hacked Russia Media Agency CEO's iPhone
The iPhone of Galina Timchenko, the co-founder, CEO, and publisher of the Russian independent media outlet Meduza was found to have NSO Group's Pegasus spyware.
DarkReading
Zero-Click iPhone Exploit Drops Spyware on Exiled Russian Journalist
The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.
The Hacker News
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
Russian journalist Galina Timchenko's iPhone hacked with NSO Group's Pegasus spyware
Ars Technica
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe?
With 70 zero-days uncovered so far this year, 2023 is on track to set a new record.
SecurityWeek
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery
After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware.
The Hacker News
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
Mozilla is also rushing to fix a zero-day vulnerability (CVE-2023-4863) that is actively exploited in browsers.
The Record
Exiled Russian journalist had phone hacked with Pegasus spyware
The phone of a prominent Russian journalist and critic of the Kremlin was infected with Pegasus spyware, according to new research.
Bleeping Computer
Apple backports BLASTPASS zero-day fixes to older iPhones
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
Bleeping Computer
Apple backports BLASTPASS zero-day fix to older iPhones
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
Infosecurity News
US Government Ordered to Urgently Patch Apple Zero-Day Bugs
Federal agencies have one month to fix BlastPass vulnerabilities
The Hacker News
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google releases patch for a new Chrome zero-day vulnerability (CVE-2023-4863) that's being exploited in the wild.
Bleeping Computer
CISA warns govt agencies to secure iPhones against spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.
Latest Hacking News
Apple Patched Two iOS Zero-Day Flaws Exploited In BLASTPASS
Apple recently patched two vulnerabilities actively exploited in the wild to target iPhones. The researchers found these iOS zero-day flaws exploited to deliver spyware to a US-based civil society organization. iOS Zero-Day Flaws Exploited To Deliver
Computerworld
Message to IT: Update all your Apple devices right away
IT should immediately update all enterprise Apple devices with an essential security update to defend against an insidious NSO Group zero-click attack.
Infosecurity News
Apple Patches Two Zero-Days Exploited in Pegasus Attacks
Users of iOS devices urged to enable lockdown mode
Cyber Security News
iPhone Zero-Click, Zero-Day Flaw Exploited in the Wild to Install Malware
According to Citizen Lab, the exploit chain was capable of infecting iPhones running the most recent version of iOS (16.6) without the victim's involvement.
The Hacker News
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
🚨 Urgent Spyware Alert! Apple patched 2 new zero-day vulnerabilities in iOS, iPadOS, and macOS devices.
SecurityWeek
Apple Patches Actively Exploited iOS, macOS Zero-Days
Apple pushes out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild.
Bleeping Computer
Apple zero-click iMessage exploit used to infect iPhones with spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.
The Hacker News
Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.
A large-scale smishing campaign is hitting the U.S. through compromised Apple iCloud accounts.
Loading more articles....