Downshift

Interesting

Tag: Hacking

Serbian authorities used phone hacking tools to unlock a journalist’s phone before infecting the device with malware

2024-12-16 /

Joseph Cox, writing for 404media »

Authorities in Serbia have repeatedly used Cellebrite tools to unlock mobile phones so they could then infect them with potent malware, including the phones of activists and a journalist, according to a new report from human rights organization Amnesty International.

The report is significant because it shows that although Cellebrite devices are typically designed to unlock or extract data from phones that authorities have physical access to, they can also be used to open the door for installing active surveillance technology.

Amazon postponing the implementing Microsoft’s cloud-based Office suite for its workforce due to security concerns

2024-12-12 /

Matt Day, writing in Bloomberg »

Amazon paused the rollout after Microsoft discovered a Russia-linked hacker group had gained access to some of its employees’ email accounts. After conducting its own analysis of the software, Amazon asked for changes to guard against unauthorized access and create a more detailed accounting of user activity in the apps, some of which Microsoft also markets as Office 365.

It’s an unusual confluence of events: a massive commercial deal between two Seattle-area cloud-computing rivals, a state-sponsored hack, and an engineering collaboration that could improve the security of the world’s most widely used office productivity software.

“We deep-dived into O365 and all of the controls around it and we held – just as we would any of our service teams within Amazon – we held them to the same bar,” said CJ Moses, Amazon’s chief information security officer.

US Bitcoin ATM operator ‘Byte Federal’ reports security breach affecting 58K customers

2024-12-12 /

Florida-based Byte Federal, the operator of 1,356 Bitcoin ATMs in the USA, is asking customers to reset login credentials following the data breach.

On December 12, 2024 Byte Federal submitted a filing with Maine’s attorney general, reporting a data breach resulting in unauthorized access to the personal data of some 58,000 customers.

Byte Federal reported it discovered the breach on November 18th, 49 days after it occurred on September 30th.

Byte Federal reported the hacker attempted to gain unauthorized access to the personal information of as many as 58,000 clients. The data included names, dates of birth, addresses, phone numbers, email addresses, government-issued IDs, social security numbers, transaction activity, and photographs of users.

Byte Federal operates 1,356 Bitcoin ATMs, accounting for 4.3% of all crypto ATMs in that country, according to data from CoinATMRadar.

Source » Cointelegraph

Researchers uncover Chinese spyware EagleMsgSpy used to target Android devices

2024-12-11 /

Ravie Lakshmanan, writing for The Hacker News »

“EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recording and screenshot capture, audio recordings, call logs, device contacts, SMS messages, location data, [and] network activity.”

EagleMsgSpy has been described by its developers as a “comprehensive mobile phone judicial monitoring product” that can obtain “real-time mobile phone information of suspects through network control without the suspect’s knowledge, monitor all mobile phone activities of criminals, and summarize them.”

Elsewhere » TechCrunch | Recorded Future | BleepingComputer

Australia, Canada, New Zealand, and the U.S. warn of China-affiliated cyber attack targeting global telecom networks

2024-12-04 /

The Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), New Zealand’s National Cyber Security Centre (NCSC-NZ), U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) issued a warning that People’s Republic of China (PRC)-affiliated threat actors have compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign.

The joint statement reads »

The authoring agencies are releasing this guide to highlight this threat and provide network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors. Although tailored to network defenders and engineers of communications infrastructure, this guide may also apply to organizations with on-premises enterprise equipment. The authoring agencies encourage telecommunications and other critical infrastructure organizations to apply the best practices in this guide.

Related » FBI and CISA warn China is targeting the telecommunications Infrastructure

Be.

Do interesting things. Be bold. Respect. Adventure. Explore. Question. Listen. Learn. Try. Fail. Try better. Your mileage may vary. You are unique. Be yourself. Appreciate. Be kind. To others, with an equal measure to yourself. Do good. Do what’s right. It’s a one way ticket. Enjoy the ride. You are limited to one.

Note

Downshift.ca is not responsible for the content of other sites.

Made in Canada 🇨🇦 Yeah!

© 2024 Downshift

Theme by Anders NorenUp ↑