#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

safari vulnerability | Breaking Cybersecurity News | The Hacker News

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims
Apr 22, 2020
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity , reveal that the exploit — named "Insomnia" — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019. Volexity said the attacks were carried out by a state-sponsored hacking group it calls Evil Eye , the same threat actor that it said was behind a series of attacks against the Uyghurs last September following a bombshell disclosure by Google's Project Zero team . China has long considered Xinjiang a breeding ground for " separatists, terrorists and religious extremists ," with the residents of the region — ethnically Turkic Muslims — thrown into concentration camps , and subjected to persecution and high-tech surv

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
Apr 03, 2020
If you use an Apple iPhone or a MacBook, we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren , who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them. The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020). "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said. When chained together, three of the reported Safari

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
Oct 01, 2019
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks. But rather than relying on visitors' willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users' sessions as possible. In its previous malvertising campaign, eGobbler group was exploiting a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS back in April , which allowed them to successfully bypass browser's built-in pop-up blocker on iOS devices and hij

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Aug 30, 2019
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of remotely jailbreaking an iPhone and implanting spyware on it. Those iOS exploit chains were found exploiting a total of 14 separate vulnerabilities in Apple's iOS mobile operating system—of which 7 flaws resided in Safari web browser, 5 in the iOS kernel and 2 separate sandbox escape issues—targeting devices with almost every version in that time-frame from iOS 10 through to the latest version of iOS 12. According to a deep-dive blog post published by Project Zero researcher Ian Beer, only two of the 14 security vulnerabilities were zero-days, CVE-2019-7287 and CVE-2019-7286, and unpat
Cybersecurity Resources