Lifeboat Foundation

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.”

To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken from their LinkedIn profiles.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the ‘position’ added to the end),” cybersecurity firm eSentire’s Threat Response Unit (TRU) said in an analysis. “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.”

Data affecting more than 500 million Facebook users that was originally leaked in 2019, including email addresses and phone numbers, has been posted on an online hackers forum, according to media reports and a cybercrime expert.

“All 533000, 000 Facebook records were just leaked for free,” Alon Gal, chief technology officer at the Hudson Rock cybercrime intelligence firm, said Saturday on Twitter.

He denounced what he called the “absolute negligence” of Facebook.

A user in a low level hacking forum has published the phone numbers and personal data of hundreds of millions of Facebook users for free online.

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.

Cybersecurity specialists report that Intel is facing a class action lawsuit for violating an anti–wiretapping law in the state of Florida, US. The plaintiffs argue that the company hid software on its website that allowed it to record users’ keystrokes and mouse movements without their express consent.

This is a new case of practice known as session replay, used by multiple companies to take detailed records of how their users interact with their websites, involving the capture of mouse movements, clicks and information queries on the page visited.

Continue reading “Intel’s website records and tracks keystrokes, mouse clicks, and user cursor movement” »

Brown University is facing a cyberattack that has forced the school to shut some systems down — in an event that Brown is calling an “utmost priority.”

Jack Wrenn, a fifth-year doctoral candidate, said that official information was still “frustratingly scant” as of Wednesday night.

Wrenn provided a timeline as to what he understood transpired, and when the university community was notified.

Cyber-security companies are warning about the rise of so-called ‘extortionware’ where hackers embarrass victims into paying a ransom.

Hacked firm’s IT Manager named and shamed by hackers in extortion technique.

Google stops western government hacking.

“Instead of focusing on who was behind and targeted by a specific operation, Google decided to take broader action for everyone. The justification was that even if a Western government was the one exploiting those vulnerabilities today, it will eventually be used by others, and so the right choice is always to fix the flaw today.”

A decision to shut down exploits being used by “friendly” hackers has caused controversy inside the company’s security teams.

Continue reading “Google’s unusual move to shut down an active counterterrorism operation being conducted by a Western democracy” »

Technology like sensors built into infrastructure and emergency alerts has possible benefits, but in a new study dozens of experts weigh in on where some of the more significant pitfalls may lie.