At Kaspersky’s recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist’s post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it. What is FinSpy … [Read more...] about FinSpy (aka FinFisher) spyware for Windows, macOS, Linux, Android, and iOS
iOS
6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk … [Read more...] about 6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, … [Read more...] about New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security … [Read more...] about Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Why you need to update iOS and iPadOS to version 14.4 immediately
Apple has released a security update to close three zero-day vulnerabilities: CVE-2021-1780, CVE-2021-1781, and CVE-2021-1782. Because Apple believes unnamed cybercriminals are already exploiting those vulnerabilities, the company advises all iOS and iPadOS users to update their operating systems. The vulnerabilities CVE-2021-1780 and CVE-2021-1781 are vulnerabilities in the … [Read more...] about Why you need to update iOS and iPadOS to version 14.4 immediately
Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said. "11 out of 16 targets … [Read more...] about Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered
Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with … [Read more...] about Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software … [Read more...] about Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend."A … [Read more...] about Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile … [Read more...] about Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud