Apple releases patches for zero-day vulnerability to block spyware

Apple users need to update their software immediately. Security experts discovered a flaw that allows highly intrusive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch and…

Razer flaw allows threat actors to take over Windows PCs

Threat actors could gain Windows admin privileges by connecting in a Razer mouse or keyboard because of a zero-day vulnerability in Razer Synapse.   Razer is a well-known computer accessory…

WiFiDemon – iPhone Wi-Fi bug could also enable RCE

Carl Schou, a researcher, uncovered a new WiFi bug in June that can permanently disable iPhone users’ WiFi by disconnecting it.   The WiFi bug can be triggered by merely…

Pegasus Project – Spyware used to target journalist, activists and others

The Pegasus Project was a large-scale investigation into the leak of 50,000 phone numbers of possible spying targets, which indicated NSO Group’s malware was being exploited.   According to an…

Israeli firm Candiru exploited Windows zero-days to deploy spyware

Candiru, an Israeli surveillance company also known as Sourgum, used Windows zero-day exploits to release DevilsTongue, a new Windows malware.   According to Microsoft and Citizen Lab researchers, Candiru’s spyware…

Trickbot makes a comeback with its VNC module for high-value targets

Despite law enforcement actions intended at eliminating the Trickbot botnet, it continues to evolve. The creators recently released an upgrade for the VNC module, which is used to control infected…

Amazon rolls out Ring end-to-end encryption globally

Amazon-owned Ring to roll out End-to-End Encryption based videos in compatible devices worldwide.   On 13th Jan 2021, Ring announced the launch of End-to-End Encryption in technical preview for US…

REvil ransomware gang’s websites shut down: Report

The REvil ransomware operation’s infrastructure and websites have unexpectedly vanished from the dark web, leading to speculation that the criminal operation has been shut down.   REvil, or Sodinokibi, is…

Magecart hackers hide stolen credit card data into images and fake CSS files

Magecart hackers have devised a new strategy for altering malware within comment blocks and disguising stolen credit card data in pictures in order to avoid detection.   Magecart is an…

Kaseya issued fixes for flaws exploited in REvil ransomware attack

The VSA zero-day vulnerabilities were used by the REvil ransomware gang to attack MSPs and their clients, and Kaseya has published security patches for them.   Kaseya VSA is a…