iPhone hack allowed device takeover via Wi‑Fi

Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds Earlier this year, Apple patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone within Wi-Fi range. However, details about the flaw, which was fixed months ago, were sparse until now. In a blog post of no fewer than 30,000 words, Google Project Zero researcher Ian Beer described how, over a six-month period, he created a radio-proximity exploit that would grant him total control over an iPhone in his vicinity. The exploit allowed him to access all the data stored on [...]

Turla Crutch: Keeping the “back door” open

ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox ESET researchers found a previously undocumented backdoor and document stealer. Dubbed Crutch by its developers, we were able to attribute it to the infamous Turla APT group. According to our research, it was used from 2015 to, at least, early 2020. We have seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets as is common for many Turla tools.. Turla is a cyberespionage group active for more than ten years. It has compromised many governments, especially [...]

Cyberattackers could trick scientists into producing dangerous substances

Without ever setting foot in the lab, a threat actor could dupe DNA researchers into creating pathogens, according to a study describing “an end-to-end cyber-biological attack” Researchers have described a theoretical cyberattack that could be used to dupe unsuspecting scientists into producing dangerous biological substances, toxins and synthetic viruses. The paper, authored by researchers from Israel’s Ben-Gurion University of the Negev, sheds light on the potential risks of cyberattackers leveraging malware to subvert a scientist’s computer and interfere with the DNA synthesis process. “As DNA synthesis becomes more widespread, concern is mounting that a cyberattack intervening with synthetic DNA orders could lead to the synthesis of nucleic acids encoding parts of pathogenic organisms [...]

Mobile payment apps: How to stay safe when paying with your phone

Are mobile payments and digital wallets safe? Are the apps safer than credit cards? What are the main risks? Here’s what to know. While cash transactions aren’t going anywhere anytime soon, the convenience of electronic payment solutions has been steadily growing in popularity over the years. According to a recent survey by the US Federal Reserve, cash payments accounted for just 26% of all payments. Meanwhile, credit and debit cards and electronic payment methods were used for 65% of all payments. The COVID-19 pandemic has also triggered changes in how people shop, with e-commerce experiencing a surge in demand due to either governments limiting interaction between people to curb the spread of the [...]

Europol and partners thwart massive credit card fraud scheme

The operation was carried out against fraudsters trying to monetize stolen credit card data on the internet’s seedy underbelly Europol and several national law enforcement agencies have teamed up to disrupt trade in stolen credit card data on the dark web, ultimately preventing around €40 million (US$48 million) in losses for both consumers and financial organizations. The operation, dubbed Carding Action 2020, was carried out over a span of three months and involved an analysis of 90,000 pieces of credit card information. It was led by law enforcement authorities from Italy and Hungary and supported by their peers from both the United Kingdom and Europol. It’s not immediately clear if any arrests [...]

FBI warns of threat actors spoofing Bureau domains, email accounts

The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently The Federal Bureau of Investigation (FBI) has issued a warning about domains designed to spoof the Bureau’s official website, fbi.gov. The alert lists more than 90 such fraudulent websites that have been registered recently. “The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity,” said the law enforcement agency. The list of fraudulent domains includes somewhat plausible examples, such as “fbihelp.org” and “fbifrauddepartment.org”, as well as more or less bizarre ones like “powerfulfbi.ninja” or “fbigiftshop.shop”. For context, domain spoofing involves the creation of a website whose domain [...]