News

Apple's very latest version of iOS appears to have the same sort of lock-screen bypass that plagued previous versions of the iThing firmware. Researcher Jose Rodriguez told The Register that back in July he discovered how the then-beta-now-gold version of iOS 13 could be fooled into showing an iPhone's address book without ever having to unlock the screen. Source: The Register

UK police have arrested a suspected hacker for stealing unreleased music from recording artists and trying to sell the looted files for cryptocurrency. The 19-year-old suspect allegedly targeted "award-winning international superstars" by breaking into their websites and cloud-based accounts to access recorded music, the City of London Police said in a Friday statement. Source: PCMAG

Garmin Southern Africa (Garmin SA) disclosed today in a series of notifications sent to its customers that payment and sensitive personal information were stolen from orders placed on the shop.garmin.co.za shopping portal. Garmin SA was previously a Garmin distributor named Garmin Distribution Africa (GDA) before being acquired by Garmin, a global leader in satellite navigation, on September 2011.  In a press release published on July 31, 2019, Garmin announced a "Record second quarter revenue of $955 million, a 7% increase, with aviation,...

More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn. A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say. Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM card-based vulnerability, dubbed “SimJacker.” The glitch...

The organization accidentally sent the names, email addresses, gender and professional information of users of its portal Agora in an email sent in August. The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and professional information of 8,253 users of Agora,...

A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment. Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services and the Cloudflare Workers to inject the Astaroth trojan with the aim of stealing banking credentials. However, despite the effort put forth by the...

The vulnerability, now patched, is the latest in a series of bad news for Facebook. A now-patched Instagram vulnerability could have exposed users' account data and phone numbers to cyberattackers, parent company Facebook confirmed in a new report from Forbes. The bug was discovered by an Israeli hacker who goes by the handle @ZHacker13. It could have potentially been used to access user data including names, full phone numbers, and Instagram account numbers and handles...

There's concern a growing number of vacancies for cyber security jobs in Scotland could see a rise in hackers gaining our personal data. According to industry experts there’s a skill shortage and in 2017 it was estimated there were likely to be between 360 and 480 unfilled positions. These figures are expected to rise by 20% per year unless changes are made to increase skills supply. Source: PlanetRadio

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope. For years, Secure Sockets Layer (SSL) certificates — a digital tool used to allow secure web connections between a web server and web browser — has been a baseline for a business's digital trust. The padlock icon and https forward that appear in the address bar are an easy way for website visitors to gauge...

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim's files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, does exactly that by searching for sensitive files and uploading them to a FTP site under the attacker's control. Source:...