Chinese authorities are attacking users who are connecting to Apple's iCloud website in what appears to be a surveillance push to steal users' login credentials, according to a Chinese censorship monitoring group.
After the new iPhone 6 went on sale in China, connections to iCloud.com were hijacked and stripped of the usual encryption that prevents hackers and government spies from intercepting the username and password typed by someone connecting to the site. This is another example of what is technically known as a "man-in-the-middle" (MITM) attack. China has been accused of intercepting connections with a MITM attack against Github, Google, and, more recently, Yahoo.Read more
A highly advanced adversary dubbed Hurricane Panda is targeting major infrastructure companies with a zero-day exploit—and it has been since last spring. The timestamp of the attack suggests that the vulnerability has been actively exploited in the wild for at least five months.
CrowdStrike first detected suspicious activity on a 64-bit Windows Server 2008 R2 machine that was attributed to a compromise by the group. It uncovered that the attacks begin with compromising web servers and deploying Chopper webshells, and then escalating privileges using the newly discovered Local Privilege Escalation tool, which exploits a previously unknown vulnerability.Read more
Security researcher Will Dormann of the US Computer Emergency Response Team (CERT) has reported this week that over 350 apps from the Google Play and Amazon App stores have been compromised due to a flaw that fails to validate certificates over a secure socket layer.
The bug, which opens up many popular mobile applications such as the eBay mobile shopper and the Microsoft Tech Companion to fairly rudimentary man-in-the-middle attacks, has been tracked and logged by the CERT team for only about a week now. But instead of waiting the standard 45-days to silently communicate the problem to the affected companies in order to give them a chance to get out in front of the issue with appropriate patches.Read more
China is looking to launch its own operating system, an initiative that the government reportedly hopes will make its information systems more secure. Ni Guangnan, of the Chinese Academy of Engineering, the country's state-run engineering arm, says the new Chinese operating system could be launched as early as October.
Details regarding the underpinnings of the operating system have yet to be revealed, but the move was reportedly spurred by the end of support of Windows XP and the ban on Windows 8 in China. The government also launched an anti-monopoly probe against Microsoft earlier this year.Read more
Google’s handling of “right to be forgotten” requests from European citizens will come under fire from the continent’s privacy watchdogs on Thursday, after the search engine restricted the removal of Internet links to European sites only.
European data protection authorities are meeting representatives of Google, Microsoft, which operates the Bing search engine, and Yahoo to discuss the implementation of the landmark ruling from Europe’s top court upholding people’s right to request that outdated links be removed from Internet search results. European Union privacy watchdogs have several concerns on the way the ruling, which has pitted privacy advocates against free speech defenders, is being implemented, particularly by Google, according to a person familiar with the matter.Read more
State experts believe that the operating system is used to grab data about Chinese citizens.
Chinese experts have prepared a state-backed news report that Microsoft’s Windows 8 has been branded a threat to China’s cybersecurity. The report was prepared by China’s CCTV specialists and Chinese government supports them completely.China’s CCTV broadcast a strongly critical story in which experts suggested Windows 8 was being used to grab data about Chinese citizens. It should be recalled that only days after China banned the use of Windows 8 on many government computers.“Microsoft would no longer open its Windows 8 source code to the Chinese government.Read more
Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.
According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.
All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.Read more
Internet service providers must turn over customer emails and other digital content sought by U.S. government search warrants even when the information is stored overseas, a federal judge ruled on Friday.
In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies. If U.S. agencies were required to coordinate efforts with foreign governments to secure such information, Francis said, "the burden on the government would be substantial, and law enforcement efforts would be seriously impeded."Read more
Now your TV could be infected by computer viruses. Technology security expert warns cyber criminals could infect millions of devices. Televisions could soon be infected by computer viruses, one of the world's top technology security experts has warned.
Eugene Kaspersky is co-founder and chief executive of Russia’s Kaspersky Lab, the world’s fourth largest computer antivirus company. He said threats will spread to the 'home environment' and televisions as internet connections make technology more vulnerable.Televisions could soon be infected by computer viruses, one of the world's top technology security experts has warned In an interview with The Telegraph he said his company's headquarters in Moscow receives 315,000 suspicious activity reports every day.Read more
Syrian Electronic Army (SEA) hackers have reportedly obtained documents that reveal how much money the FBI pays Microsoft each time agents try to obtain or view an individual customer’s communication information. The SEA, a group that has made headlines in the past for infiltrating Western media outlets that it perceives to be against Syrian President Bashar Assad, provided a trove of emails and invoices to the Daily Dot, which analyzed the documents before publishing them.
“The documents consist of what appear to be invoices and emails between Microsoft’s Global Criminal compliance team and the FBI’s Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers’ data,” wrote the Daily Dot’s Kevin Collier and Fran Berman.Read more