News

Amazon have patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads. Application security firm Checkmarx explained that it identified a cross-site scripting (XSS) flaw that said it could be weaponised as part of an attack chain to trick victims into installing a...

On Wednesday, Apple released security updates for iOS, iPadOS and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise devices. The issues were: CVE-2022-32893 - An out-of-bounds issue in WebKit which potentially lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An out-of-bounds issue in the operating system's Kernel that could be abused by a malicious application to execute arbitrary code with the highest...

The North Korea state-backed Lazarus Group has been observed to be targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. ESET, a Slovak cybersecurity firm, linked these events to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the military and aerospace sectors into opening fake job offer documents. The latest attack is no...

Researchers have discovered 8000 exposed Virtual Network Computing instances, which could put numerous global organisations at risk of remote compromise. As a matter of fact, the instances were managed by critical infrastructure (CNI) organisations, who are responsible for water treatment plants, manufacturing plants and research facilities. With disabled authentication, malicious actors have the ability to hijack certain endpoints and with it, the industrial control systems these may be connected to. This is because VNC is...

On Monday, popular end-to-end encrypted messaging service Signal disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1900 users. Signal said, "for about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private...

Alphabet Inc's Google Unit was ordered by Australia's Federal Court to pay A$60million in penalties for misleading users on collection of their personal location data, according to Australia's competition watchdog. The court found that Google mislead some customers about their personal location data that was being collected through their Android mobile devices between January 2017 and December 2018. Google misled users into believing that the "location history" setting on their Android phones was the only...

Vulnerabilities in Xiaomi's mobile payment could lead to an attacker stealing private keys used to sign Chinese social media Wechat Pay control and payment packages. The flaws were found by Check Point Research (CPR) in Xiaomi's trusted execution environment (TEE), the system element responsible for storing and managing sensitive information such as passwords and keys. Slava Makkaveev, security researcher at Check Point, said: “We discovered a set of vulnerabilities that could allow forging of payment packages...

Last week, Advanced, a key NHS IT partner was hit by a ransomware attack. The IT company has said that it could take three to four weeks for systems to resume normal service. Advanced runs several key systems within the health service. One of its most important clients is the NHS 111 service. The UK Government tried to downplay the seriousness of the incident last week by claiming "minimal disruption." However, reports suggested that it...

International Cyber Expo today announced the speaker line-up for its annual Global Cyber Summit sponsored this year by Snyk, and hosted at Olympia London on the 27th and 28th of September 2022. Introduced by former CEO of NCSC, Professor Ciaran Martin CB, the Summit endeavours to be an educational platform for IT professionals, C-Level executives and board members on the issues impacting the industry; both current and emerging.   In a combination of roundtable discussions, fireside...

Interpol has launched a new awareness campaign that aims to urge individuals not to become money mules, after 15 suspects were arrested in connection with a major romance scam conspiracy. The international policing organisation's Financial Crime and Anti-Corruption Centre (IFCACC) said the two-week global campaign aims to highlight the critical role mules play in modern crime. The campaign will use the hashtag #YourAccountYourCrime on social media in an attempt to remind people that they are...