Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target’s webcam and microphone on iOS and macOS devices.
Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.
The popular video conferencing application Zoom has been having A Moment during the Covid-19 pandemic. But it’s not all positive. As many people’s professional and social lives move completely online, Zoom use has exploded. But with this boom has come added scrutiny from security and privacy researchers—and they keep finding more problems, including two fresh zero day vulnerabilities revealed Wednesday morning.
The debate has underscored the inherent tension of balancing mainstream needs with robust security. Go too far in either direction, and valid criticism awaits.
Zoom has never been known as the most hardcore secure and private service, and there have certainly been some critical vulnerabilities, but in many cases there aren’t a lot of other options.
Kenn White, Security researcher
It’s absolutely fair to put public pressure on Zoom to make things safer for regular users. But I wouldn’t tell people ‘don’t use Zoom.’ It’s like everyone is driving a 1989 Geo and security folks are worrying about the air flow in a Ferrari.
Kenn White, Security researcher
Zoom isn’t the only video conferencing option, but displaced businesses, schools, and organizations have coalesced around it amid widespread shelter in place orders. It’s free to use, has an intuitive interface, and can accommodate group video chats for up to 100 people. There’s a lot to like. By contrast, Skype’s group video chat feature only supports 50 participants for free, and live streaming options like Facebook Live don’t have the immediacy and interactivity of putting everyone in a digital room together. Google offers multiple video chat options—maybe too many, if you’re looking for one simple solution.
UK Prime Minister Boris Johnson sparked security concerns on Tuesday when he shared a screenshot of “the first ever digital Cabinet” on his Twitter feed. It revealed the country’s most senior officials and ministers were using bog-standard Zoom to discuss critical issues facing Blighty.
The tweet also disclosed the Zoom meeting ID was 539-544-323, and fortunately that appears to have been password protected. That’s a good thing because miscreants hijacking unprotected Zoom calls is a thing.
Crucially, the use of the Zoom software is likely to have infuriated the security services, while also raising questions about whether the UK government has its own secure video-conferencing facilities. We asked GCHQ, and it told us that it was a Number 10 issue. Downing Street declined to comment.
The decision to use Zoom, as millions of others stuck at home during the coronavirus outbreak are doing, comes as concerns are growing about the conferencing app’s business model and security practices.
The Ministry of Defense (MoD) of Japan has confirmed that it will invest over 25.6 billion yen ($237.12 million) to develop artificial intelligence-based tools to counter cyber attacks.
Japan aims to develop an all-inclusive AI system that can detect malicious emails, respond to cyberattacks automatically using machine learning, and eventually neutralize the effect of attacks on public and private sector targets.
The MoD is also planning to procure a Cyber Information Gathering System for $31.5 million to gather tactics, techniques, and procedures (TTPs) relating to the Self-Defense Forces (SDF).
Highly placed sources say that the government of Japan received a wake-up call when a massive-scale cyber attack was launched on Mitsubishi Electric by a hacking group from China.
Some Japanese media outlets reported that critical information about the MoD and the Nuclear Regulation Authority was accessed and stolen by hackers in the attack. Furthermore, digital documents related to private firms, railway operators and a car manufacturer's visionary approach for the year 2022 were also reportedly accessed by the threat actors.
To prevent further such attacks on public and private entities, Japan’s MoD has now initiated measures to thwart them shortly. And as a plan to strategize a framework to defend the critical infrastructure from cyber attacks the company.
So you’re way ahead of us here, with your backups neatly done and safely stored away.
Or perhaps not, because sorting out your backups is a bit like taking the garbage out or washing the dog – you know it needs doing, and you might as well do it now, but it can probably wait until tomorrow.
Depending on what happens today, of course.
Well, the bad news is, now that so many of us are working from home, we can’t rely on IT to do it all for us, or to show up at our desks with a smile and a USB drive filled with all those precious files that we just deleted by mistake.
But the good news is, now that so many of us are working from home, that backup isn’t that hard to do right – the hardest part is just getting round to doing it properly, or even at all.
An Auto-connect option is now available under the Preferences menu. Enable this and the app will automatically connect to a server when it launches. If your Android device has the “Always-on VPN” feature, you can combine these two functionalities to automatically secure your connection from the moment you power on your phone.
You can now add an app shortcut tile to Android’s Quick Settings menu. A single tap on the tile will connect or disconnect you while tapping and holding opens the app.
Microsoft has made it official that it is going to withdraw from an investment agreement with an Israeli startup that develops facial recognition software. Although the company never made its reasons for the divestment clear, a source from the tech giant says that the decision was taken after it learned that the startup’s product was being used by the government to conduct surveillance on the populace of the West Bank, a region located near the border of Jordan.
The company in question is AnyVision, which is based in Tel Aviv and offers facial recognition software.
Highly placed sources say that the AnyVision facial recognition software was being used to monitor border crossings between the West Bank and Israel. But it is still not clear whether the videos are a part of mass surveillance programs similar to the espionage program being conducted in China.
As many people across the world are working from home these days to keep their office operations going, hackers are seeing these devices as vulnerable points to infiltrate corporate networks. So, here are some strategies that can make your work from home experience spectacularly cyber secure.
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices.
According to research published by Trend Micro and Kaspersky, the “Operation Poisoned News” attack leverages a remote iOS exploit chain to deploy a feature-rich implant called ‘LightSpy’ through links to local news websites, which, when clicked, execute the malware payload and allow an interloper to exfiltrate sensitive data from the affected device and even take full control.
Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim’s device and load it with malware.