The iPhone-Hacking Sites Google Found Apparently Went After Android and Windows Users Too

Those hackers Google’s researchers sussed out earlier this week apparently went after more than just iPhone users. Microsoft’s operating system along with Google’s own were also targeted, according to Forbes, in what some reports are calling a possibly state-backed effort to spy on the Uighur ethnic group in China.

Apple Sues Corellium for Selling Access to Cloud-Based ‘Perfect Replicas’ of iOS

Apple is suing a company, Corellium LLC, that it says is illegally reselling virtual copies of its iOS operating system under the pretence of legitimate security research, Bloomberg reported on Thursday.

Capital One Really Dropped the Ball on the Anti-Hack Stuff: Report

Ahead of a massive data breach that exposed the personally identifiable information of more than 100 million people, a new report claims, Capital One may have failed to take measures to better detect potential hacks, which, from where we now stand, seems like a pretty big misstep.

Buttplug Hacker Talks Security, Consent, and Why He Hacked a Buttplug

Voting machines weren’t the only thing getting penetrated at DEF CON this year.

Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs

Microsoft has fixed a “serious security flaw in Intel processors” that threatened to undo both companies’ work patching the Spectre and Meltdown vulnerabilities, Tom’s Guide reported on Tuesday.

Google’s Project Zero Finds Six ‘Interactionless’ iOS Vulnerabilities Using iMessage App

Apple released bug fixes for five major security issues in iOS that can be exploited via its iMessage client app last week after they were discovered by researchers for competitor Google’s exploit-hunting Project Zero, though an additional issue was reported and not totally resolved in the iOS 2.4 update, according to the BBC.

Security Researcher Marcus Hutchins, Who Helped Stop WannaCry, Sentenced to Supervised Release

The security researcher who is credited with helping stop the WannaCry ransomware attack in 2017, Marcus Hutchins, was sentenced to time served and a year of supervised release this week after he pleaded guilty to unrelated malware charges earlier this year.

Hackers Reportedly Break Into SyTech, a Contractor for Russia’s Federal Security Service

Hackers breached servers at a contractor for Russia’s Federal Security Service (FSB), SyTech, and stole about 7.5 terabytes of data after gaining access to the company’s entire network earlier this month, ZDNet reported on Saturday.

Report: NSO Group’s Pegasus Spyware Can Break Into Cloud Services, Transmit User Data to Server

Israeli spyware company NSO Group’s powerful Pegasus malware – the same spyware implicated in a breach of WhatsApp earlier this year – is capable of scraping a target’s data from the servers of Apple, Google, Amazon, Facebook and Microsoft, according to a report in the Financial Times on Friday.

Zoom Backtracks, Says It Will Actually Fix Major Flaw That Could Let Hackers Hijack Mac Webcams

After initially defending their decision to install insecure local web servers on Mac users’ machines that posed a major security risk and could be hijacked by attackers, teleconferencing app Zoom has backtracked and has said it will quickly remove the “feature.”

Serious Security Flaw With Teleconferencing App Could Allow Websites to Hijack Mac Webcams

On Monday, security researcher Jonathan Leitschuh publicly disclosed a serious zero-day vulnerability in conferencing software Zoom – which apparently achieves its click-to-join feature, which allows users to go directly to a video meeting from a browser link, on Mac computers by installing a local web server running as a background process that “accepts requests regular browsers wouldn’t,” per the Verge. As a result, Zoom could be hijacked by any website to force a Mac user to join a call without their permission, and with webcams activated unless a specific setting was enabled.

Alleged Cyber Attack on Russia’s Yandex Used Malware Tied to Western Intelligence

Hackers believed to be working for Western intelligence agencies “broke into Russian internet search company Yandex from October to November 2018,” deploying a malware variant called Regin that is “known to be used by the ‘Five Eyes’ intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada,” Reuters reported on Friday, citing four people with knowledge of the incident.

Anonymous Hacker Sentenced After Dropping USB While Throwing Molotov Cocktail

If you’re going to commit crimes in public, it’s probably smart to secure anything on your person that connects you to other crimes.

Hacker Used Raspberry Pi to Steal Sensitive NASA Docs

Turns out a tiny Raspberry Pi was at the source of a big headache for NASA. An audit released by the NASA Office of Inspector General on 18 June reveals that an early 2018 cyberattack utilising one of these mini-computers resulted in a hacker making off with restricted documents.

Watch Never-Before-Released Video From Cult of the Dead Cow’s Def Con 7 Reveal

When I was a little kid, there’s nothing I wanted more than to be a hacker. Of course, my 12-year-old brain’s perception of what it meant to be a hacker was horribly skewed by movies like The Lawnmower Man, Tron, and tabletop RPGs like Shadowrun. (If only, right?)