now WITH SPICY COMMENTS X-D
SecurityLab, [22.12.19 12:40]
A Twitter user using the alias 08Tc3wBB created tfp0-an exploit that allows you to jailbreak the latest iPhone models with IOS 13.3.
The functionality of the exploit has already been confirmed by security researcher Raz Mashat.
Vulnerability in iOS will help to hack all new iPhone models (https://www.securitylab.ru/news/503652.php)
SecurityLab, [23.12.19 08:05]
Security researchers Decoder and Chris Danieli discovered a vulnerability in Dropbox for Windows that allows attackers to increase their privileges to the system level, and have already created a PoC exploit for it.
The problem is related to the program update mechanism and affects standard dropbox installations.
Vulnerability in Dropbox allows you to increase privileges to the system level (https://www.securitylab.ru/news/503655.php)
SecurityLab, [23.12.19 08:20]
Cybercriminals exploit the old vulnerability CVE-2018-0296 for attacks on Cisco Adaptive Security Appliance (ASA) and Firepower Appliance hardware firewalls.
Exploiting the vulnerability allows an unauthorized attacker to remotely access sensitive information through a directory traversal attack, as well as cause a denial of service to the device.
Criminals exploit an old vulnerability in Cisco products (https://www.securitylab.ru/news/503656.php)
SecurityLab, [23.12.19 09:00]
Unknown cybercriminals could steal confidential information from two contractors of the Ministry of defense and the Armed forces of Singapore.
As reported on the website of the Ministry of defense, the network of the medical Institute HMI Institute and ST Logistics company were attacked by malware, which could result in the leakage of personal data of employees of the Ministry and the armed forces.
Contractors of the Ministry of defense and the armed forces of Singapore were subjected to cyber attacks (https://www.securitylab.ru/news/503657.php)
SecurityLab, [23.12.19 09:20]
Last week, the Network published a database containing more than 267 million unique identifiers of user accounts of the social network Facebook.
The leak occurred on December 4 this year.
Presumably, it could be caused by the actions of a certain Vietnamese cybercrime group that gained access to the Facebook API.
Review of security incidents for the period from 16 to 22 December 2019 (https://www.securitylab.ru/news/503658.php)
SecurityLab, [23.12.19 09:45]
The Ministry of justice of Greece is preparing to extradite to the United States Russian Alexander Vinnik, who was arrested during a vacation in July 2017 at the request of American law enforcement agencies.
Greek authorities are preparing to extradite Alexander Vinnik to the United States (https://www.securitylab.ru/news/503660.php)
SecurityLab, [23.12.19 09:55]
The member States of the Eurasian economic Union (EEU) opposed the law on mandatory pre-installation of Russian SOFTWARE on devices sold in the territory of the Russian Federation.
According to Vedomosti, the corresponding position was expressed by representatives of the EAEU member States at a meeting of the Department of internal markets of the Eurasian economic Commission (EEC) on December 13 this year (Izvestia managed to get acquainted with a copy of the minutes of the meeting).
Representatives of the EEU criticized the law on pre-installation of Russian SOFTWARE (https://www.securitylab.ru/news/503661.php)
SecurityLab, [23.12.19 11:30]
Twitter has reported a vulnerability in the Android version of the app that could compromise users ‚ accounts.
This problem affects only the Android client, and its operation allows an attacker to inject malicious code into the limited storage areas of the application to „view confidential information or take control of the account“.
In this way, the perpetrator can send tweets or direct messages, as well as gain access to the user’s personal messages, protected tweets and GEODATA.
Vulnerability in Twitter for Android allowed to hack the account (https://www.securitylab.ru/news/503662.php)
… always PHONE TRUMP UP AND ASK: „DID YOU REALLY TWEET THIS BS?“ X-D
… no comment …
SecurityLab, [23.12.19 14:55]
A cybercriminal who tried to blackmail Apple in 2017 has been sentenced to a prison term suspended for 2 years.
Cybercriminal sentenced to prison for blackmailing Apple (https://www.securitylab.ru/news/503666.php)
SecurityLab, [23.12.19 15:30]
Browser extensions from Avast and AVG, previously removed from the Firefox and Chrome extension stores due to unwanted activity, have undergone a number of changes and are now available for download again.
Problematic extensions from Avast and AVG have reappeared in Firefox and Chrome stores (https://www.securitylab.ru/news/503670.php)
SecurityLab, [23.12.19 15:50]
The FBI has launched the IDLE (Illegal Data Loss Exploitation) program, which is designed to help companies reduce the damage from data theft.
Under the new program, companies will introduce „false data“ to trick attackers and corporate spies who want to steal valuable information.
The FBI will help companies create „false data“ to deceive attackers (https://www.securitylab.ru/news/503671.php)
SecurityLab, [24.12.19 08:15]
Every minute of every day, anywhere in the world, dozens of companies register the movements of tens of millions of smartphone owners and save this data in giant files.
Employees of the new York Times managed to get one such file, which is, in their words, „the largest and most sensitive of all, ever studied by journalists.“
Journalists received a file with data on the movements of 12 million us residents (https://www.securitylab.ru/news/503678.php)
SecurityLab, [24.12.19 08:40]
The popular ToTok messaging app has been suspected of being a spy tool used by the United Arab Emirates government to track users ‚ conversations, movements, relationships, meetings and photos.
Popular messenger ToTok suspected of espionage (https://www.securitylab.ru/news/503679.php)
… then you know why WhatsApp is still free… because UR DATA! IS SOLD! BY FACEBOOK! TO GOOGLE! TO AMAZON! TO CIA NSA FBI… EVERYONE!
SecurityLab, [24.12.19 09:00]
A resident of the Chinese province of Shandong decided to Rob an ATM, but he was scared off, no, not the sound of the alarm and not the police, but a voice assistant.
The failed robbery attempt was captured by security cameras, and then the video appeared on the Pear Video YouTube channel.
In China, a voice assistant has protected an ATM from hacking (https://www.securitylab.ru/news/503680.php)
SecurityLab, [24.12.19 09:55]
The Chinese government has accused tech giants Xiaomi and Tencent of illegally collecting users ‚ personal data.
The Ministry of industry and information of the PRC has published a list of 41 applications that, according to the authorities, violate the law on the collection of personal data in the country.
China has accused Xiaomi and Tencent of illegally collecting data (https://www.securitylab.ru/news/503681.php)
… at least – this is the official version… that nobody believes.
SecurityLab, [24.12.19 10:05]
An attempt by Chinese farmers to fight drones infecting pigs with African plague has disabled the navigation systems of some aircraft.
As reported by the South China Morning Post, last month, in order to combat drones on one of the farms in the North-Eastern region of China, an unauthorized device was installed to stub the GPS signal.
Fighting criminals, Chinese farmers put out of action navigators aircraft (https://www.securitylab.ru/news/503682.php)
EAT LESS PORK!
SecurityLab, [24.12.19 11:05]
A team of specialists from the Tencent Blade group discovered five vulnerabilities in the SQLite database, called Magellan 2.0.
Their operation allows attackers to remotely run malicious code or cause a program to crash.
Problems affect all applications that use the SQLite database, but the most dangerous is the Google Chrome browser that uses the WebSQL API function.
Magellan 2.0 vulnerabilities pose a threat to Chrome users (https://www.securitylab.ru/news/503683.php)
SecurityLab, [24.12.19 13:20]
An international team of scientists from the University of St Andrews (Scotland), king Abdullah University of Science and technology (Saudi Arabia) and The center for unconventional scientific processes (USA) has developed a cryptographic system that can not be hacked even with the help of quantum computers.
Scientists have developed an „impenetrable“ cryptographic system (https://www.securitylab.ru/news/503684.php)
SecurityLab, [24.12.19 14:35]
Operators of a new peer-to-peer botnet (P2P) called Mozi actively checked Netgear, D-Link and Huawei routers for unreliable Telnet passwords during a recent malicious campaign.
New Mozi botnet infects Netgear, D-Link and Huawei routers (https://www.securitylab.ru/news/503685.php)
SecurityLab, [24.12.19 14:35]
The Ministry of digital development, communications and mass communications of the Russian Federation told about the results of the first exercises that took place several days in Moscow, Vladimir, Rostov and several other regions within the framework of the law on the sovereign Runet.
The results of the first exercises in the framework of the law on the sovereign Runet are presented (https://www.securitylab.ru/news/503686.php)
SecurityLab, [24.12.19 15:25]
A government contractor providing cybersecurity support to the U.S. military faces jail for illegally storing large amounts of classified information.
According to the publication The Daily Beast, William Kinsel (William Kinsel) daily brought home on a personal „flash drive“ secret documents.
According to the accused, he did not pursue any malicious intent, it was just more convenient for him to work at home.
A U.S. government contractor brought home secret documents on a flash drive (https://www.securitylab.ru/news/503687.php)
… argh … after all those Snowden revelations CIA and NSA have gone spicy.