Researchers at Jamf have discovered a technique called ‘fake airplane mode’ that allows attackers to maintain connectivity on iPhones while making users believe they are offline. The attack involves intercepting the API call triggered by tapping on the airplane mode icon in the Control Center, which turns off Wi-Fi but not the mobile network. The researchers found a way to misrepresent the state of connectivity on the device, but the attack can be mitigated by checking the settings page directly instead of relying on the Control Center or browser notifications.
Cyfirma security researchers have identified the real identity of the developer behind the CypherRAT and CraxsRAT malware. The individual, operating under the online handle ‘EVLF DEV’ and based in Syria, has been selling these remote access trojans (RATs) to various threat actors for the past eight years, earning over $75,000. The developer is also a malware-as-a-service (MaaS) operator, offering the dangerous Android RAT, CraxsRAT, on a surface web store.
A high-severity security flaw has been discovered in the WinRAR utility that could allow remote code execution on Windows systems. The vulnerability, tracked as CVE-2023-40477, is caused by improper validation while processing recovery volumes. Users are advised to update to the latest version of WinRAR to mitigate potential threats.
Australian lender Latitude Financial has reported that a recent ransomware attack has cost the company AU$76 million. The attack resulted in the exposure of information belonging to approximately 7.9 million people in Australia and New Zealand, including contact details, dates of birth, driver’s license and passport numbers, and bank account and payment card numbers. The incident has sparked a debate on whether the Australian government should ban payments to ransomware groups to discourage cybercriminals from targeting organizations in the country.
The FBI, NCSC, and AFOSI have issued an alert warning US space industry organizations of increased targeting and exploitation by foreign intelligence entities (FIEs). These entities use tactics such as cyberattacks, supply chain compromise, and strategic investments to gain access to the US space industry. The targeting and exploitation not only impact national security, but also economic security and global competition in the sector.
A recent scam involves fake AI bots that try to install malware on users’ devices. The scam starts with an ad on Facebook promoting a fake AI tool called ‘Google Bard AI’. The ad leads to a suspicious website that tricks users into downloading a malicious file, which is flagged as malware by security vendors. This campaign highlights the need for users to be cautious and vigilant when encountering ads or offers related to AI technology.
A Brazilian hacker testified at a congressional hearing that former President Jair Bolsonaro asked him to hack into Brazil’s electronic voting system to expose its alleged weaknesses before the 2022 presidential election. The hacker, Walter Delgatti Neto, provided detailed testimony but did not present any evidence. Bolsonaro’s lawyers plan to take legal action against Delgatti, accusing him of making false claims without evidence.
Juniper Networks has released patches for four vulnerabilities in the J-Web interface of Junos OS that can be chained together to achieve unauthenticated, remote code execution. The vulnerabilities, rated ‘medium’ severity individually but ‘critical’ severity when exploited together, allow attackers to control environment variables and upload arbitrary files, resulting in a loss of file system integrity. Users are advised to update their appliances to the latest Junos OS versions to mitigate the risk of exploitation.
The HiatusRAT malware has returned with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. The threat actors have recompiled malware samples for different architectures and hosted them on new virtual private servers. The attacks, described as audacious, have targeted commercial firms and a U.S. Department of Defense server, with the goal possibly being to gather information on military contracts.
Wholesale energy software provider Energy One has confirmed a cyberattack that impacted certain corporate systems in Australia and the UK. The company is currently investigating the extent of the breach, including whether customer-facing systems were affected and whether any personal information has been compromised. Energy One has taken immediate measures to limit the incident’s impact, engaged cybersecurity specialists, and notified relevant authorities while temporarily disabling links between corporate and customer-facing systems.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.