WiFiDemon – iPhone Wi-Fi bug could also enable RCE

Carl Schou, a researcher, uncovered a new WiFi bug in June that can permanently disable iPhone users’ WiFi by disconnecting it.   The WiFi bug can be triggered by merely…

Pegasus Project – Spyware used to target journalist, activists and others

The Pegasus Project was a large-scale investigation into the leak of 50,000 phone numbers of possible spying targets, which indicated NSO Group’s malware was being exploited.   According to an…

Saudi Aramco data breach: Hackers stole 1 TB worth of data

Saudi Aramco suffers a massive data breach. Hackers stole 1 TB of confidential data belonging to Saudi Aramco, the Saudi Arabian Oil Company, and sold it on the dark web.…

Israeli firm Candiru exploited Windows zero-days to deploy spyware

Candiru, an Israeli surveillance company also known as Sourgum, used Windows zero-day exploits to release DevilsTongue, a new Windows malware.   According to Microsoft and Citizen Lab researchers, Candiru’s spyware…

Trickbot makes a comeback with its VNC module for high-value targets

Despite law enforcement actions intended at eliminating the Trickbot botnet, it continues to evolve. The creators recently released an upgrade for the VNC module, which is used to control infected…

Amazon rolls out Ring end-to-end encryption globally

Amazon-owned Ring to roll out End-to-End Encryption based videos in compatible devices worldwide.   On 13th Jan 2021, Ring announced the launch of End-to-End Encryption in technical preview for US…

REvil ransomware gang’s websites shut down: Report

The REvil ransomware operation’s infrastructure and websites have unexpectedly vanished from the dark web, leading to speculation that the criminal operation has been shut down.   REvil, or Sodinokibi, is…

American fashion brand Guess suffers data breach

Guess, an American fashion brand, was hit by a ransomware attack in February, and the company has now announced a data breach and notified affected customers.   The attack was…

Magecart hackers hide stolen credit card data into images and fake CSS files

Magecart hackers have devised a new strategy for altering malware within comment blocks and disguising stolen credit card data in pictures in order to avoid detection.   Magecart is an…

Kaseya issued fixes for flaws exploited in REvil ransomware attack

The VSA zero-day vulnerabilities were used by the REvil ransomware gang to attack MSPs and their clients, and Kaseya has published security patches for them.   Kaseya VSA is a…