Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version,…
Tag: phishing
Apple Will Proxy Safe Browsing Traffic on iOS 14.5 To Hide User IPs from Google
Apple’s upcoming iOS 14.5 release will ship with a feature that will re-route all Safari’s Safe Browsing traffic through Apple-controlled proxy servers as a workaround to preserve user privacy and prevent Google from learning the IP addresses of iOS users. From a report: The new feature will work only when users activate the “Fraudulent Website Warning” option in the iOS Safari…
Proofpoint Sues Facebook To Get Permission To Use Lookalike Domains For Phishing Tests
Cyber-security powerhouse Proofpoint has filed a lawsuit this week against Facebook in relation to the social network’s attempt to confiscate domain names the security firm was using for phishing awareness training. From a report: The case is a countersuit to a Facebook filing from November 30, 2020, when the social network used a UDRP (Uniform Domain-Name Dispute-Resolution) request to force domain…
Journalists Scrutinize QAnon’s Role in Capitol Hill Mob — And Its Hosting Infrastructure
On Thursday Axios tried to assess QAnon’s role in the mob that stormed America’s Capitol building:
Adherents of the QAnon conspiracy theory, who imagine a vast deep-state cabal of pedophiles arrayed against Trump, have for years insisted that a moment of reckoning for their enemies is imminent. QAnon believers have largely accepted that Trump is waiting for the right time to bring…
Russians Are Believed To Have Used Microsoft Resellers in Cyberattacks
As the United States comes to grips with a far-reaching Russian cyberattack on federal agencies, private corporations and the nation’s infrastructure, new evidence has emerged that the hackers hunted their victims through multiple channels. From a report: The most significant intrusions discovered so far piggybacked on software from SolarWinds, the Austin-based company whose updates the Russians compromised. But new evidence from…
Why on Earth Is Someone Stealing Unpublished Book Manuscripts?
A phishing scam with unclear motive or payoff is targeting authors, agents and editors big and small, baffling the publishing industry. From a report: Earlier this month, the book industry website Publishers Marketplace announced that Little, Brown would be publishing “Re-Entry,” a novel by James Hannaham about a transgender woman paroled from a men’s prison. The book would be edited by…
GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test.
An anonymous reader shares a report (alternative source): “2020 has been a record year for GoDaddy, thanks to you!” the email read. Sent by Happyholiday@Godaddy.com, tucked underneath a glittering banner of a snowflake and stamped with the words “GoDaddy Holiday Party,” the Dec. 14 email to hundreds of GoDaddy employees promised some welcome financial relief during an otherwise stressful year. “Though…
Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum
A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. BleepingComputer reports: Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner…
Mysterious Phishing Campaign Targets Organizations in COVID-19 Vaccine Cold Chain
IBM’s cyber-security division says that hackers are targeting companies associated with the storage and transportation of COVID-19 vaccines using temperature-controlled environments — also known as the COVID-19 vaccine cold chain. From a report: The attacks consisted of spear-phishing emails seeking to collect credentials for a target’s internal email and applications. While IBM X-Force analysts weren’t able to link the attacks to…
2FA Bypass Discovered In Web Hosting Software cPanel
An anonymous reader quotes a report from ZDNet: Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage websites for their customers. The bug, discovered by security researchers from Digital Defense, allows attackers to bypass two-factor authentication (2FA) for cPanel accounts. These accounts are used by website owners to access…