Kaspersky - NEWS POLITE

Kaspersky Finds Cybersecurity Threat That Targets iPhone Users via Malicious iMessage Attachment

Prominent cybersecurity and anti-virus firm Kaspersky has discovered a new cyberattack threat that targets iPhone models running older versions of iOS via iMessage application. The malware, found when the company was monitoring its own Wi-Fi network for mobile devices, infects the phone via a received iMessage, which contains a malicious attachment. The threat doesn’t require the iPhone user to do anything and utilises iOS vulnerability to install a spyware that takes complete control of device and user data.

According to a report about their findings published by Kaspersky, the malicious attachment sent via iMessage executes a code without the need for any action from the user. The malicious code then runs a set of commands for collection of private user data.

Kaspersky CEO Eugene Kaspersky tweeted about the iOS cyberattack, detailing that the spyware extracts private information like microphone recordings, photos from instant messengers, geolocation, and other data and transmits it to remote servers. The firm has dubbed the cyberattack threat as “Operation Triangulation.”

We’ve discovered a new cyberattack against iOS called Triangulation.

The attack starts with iMessage with a malicious attachment, which, using a number of vulnerabilities in iOS installs spyware. No user action is required.#IOSTriangulation pic.twitter.com/daxEYZwXwD

— Eugene Kaspersky (@e_kaspersky) June 1, 2023

Kaspersky said that the malware was found on the iPhones of dozens of employees and could target other iPhone users as well. He also added that the threat had been neutralised and details of the vulnerability have been sent to Apple. The CEO also noted that disabling the iMessage service would prevent vulnerable iOS devices from the attack.

The company said that after the malware is successfully installed on the device, the initial text and the accompanying exploit in the iMessage attachment are deleted. Kaspersky’s report said the attack was ongoing, and iOS 15.7 was the most recent version among the devices that were successfully targeted. iPhone models running iOS 16 appear to be safe from the threat, but Kaspersky did mention in the comments section of its report that they could not guarantee that other iOS versions were safe.

On Friday, Kaspersky also released tools for users to check if their device was infected.

Back in February, Apple released updates that fixed major vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models. At the time, Apple credited the researchers who found the flaws that allowed a remote user to bypass protections put in place by Apple and gain access to a user’s personal data as well as their camera, microphone, and call history.

Apple’s annual developer conference is just around the corner. From the company’s first mixed reality headset to new software updates, we discuss all the things we’re looking forward to seeing at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

TikTok Banned From Government Devices in Two US States Over Security Concerns; Huawei, Tencent Also Barred

The governors of Wisconsin and North Carolina on Thursday signed orders banning TikTok on government devices due to cyber security concerns, joining other US states and the federal government in prohibiting the use of the popular video app.

In addition to banning Chinese-owned TikTok from state devices, Wisconsin Governor Tony Evers said he was banning vendors, products and services from other Chinese companies including Huawei Technologies, Hikvision, Tencent Holdings – the owner of WeChat, ZTE Corp as well as Russian-based Kaspersky Lab.

“In the digital age, defending our state’s technology and cybersecurity infrastructure and protecting digital privacy have to be a top priority for us as a state,” Evers said.

North Carolina Governor Roy Cooper signed an order directing officials to develop a policy within 14 days that prohibits the use of TikTok, WeChat and “potentially other applications” that present cybersecurity risks on state devices.

More than 20 other states have also banned TikTok, owned by Chinese technology conglomerate ByteDance, from state devices including Ohio, New Jersey and Arkansas earlier this week.

TikTok said it was “disappointed that so many states are jumping on the political bandwagon to enact policies that will do nothing to advance cybersecurity in their states and are based on unfounded falsehoods about TikTok.”

The Democratic governors of Wisconsin and North Carolina joined mostly Republican governors who have led the charge to ban TikTok from state devices.

Calls to ban TikTok from government devices gained steam after US FBI Director Christopher Wray said in November it poses national security risks.

Wray flagged the threat that the Chinese government could harness the app to influence users or control their devices.

For three years, TikTok – which has more than 100 million users – has been seeking to assure Washington that the personal data of US citizens cannot be accessed and its content cannot be manipulated by China’s Communist Party or any other entity under Beijing’s influence.

Last month, US President Joe Biden signed into law a government funding bill that included a ban on federal employees from using or downloading TikTok on government-owned devices.

The law gives the White House Office of Management and Budget (OMB) 60 days “to develop standards and guidelines for executive agencies requiring the removal” of TikTok from federal devices. OMB declined to comment Thursday.

© Thomson Reuters 2023

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Huawei, ZTE May Soon Face US FCC Ban From Approval of New Telecom Equipment

The US Federal Communications Commission is set to ban approvals of new telecommunications equipment from China’s Huawei Technologies and ZTE in the United States on national security grounds, according to a document posted by the agency.

The FCC Chairwoman Jessica Rosenworcel last week circulated the proposed ban to the other three commissioners for final approval. The companies would not be able to sell new equipment in the United States without equipment authorisations.

In June 2021, the FCC voted to advance the plan to ban approvals for equipment in the US telecommunications networks from Chinese companies deemed national security threats, including Huawei and ZTE.

That came after a March 2021 designation of five Chinese companies on the so-called “covered list” as posing a threat to national security under a 2019 law aimed at protecting the US communications networks: Huawei Technologies, ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology and Zhejiang Dahua Technology.

The FCC said in June 2021 it was considering banning all equipment authorisations for all companies on the covered list.

This year, the FCC added Russia’s AO Kaspersky Lab, China Telecom (Americas), China Mobile International USA, Pacific Networks and China Unicom (Americas) to the covered list.

Rosenworcel said last year the new measures would “exclude untrustworthy equipment from our communications networks. … We have left open opportunities for (Huawei and other Chinese equipment) use in the United States through our equipment authorisation process. So here we propose to close that door.”

FCC Commissioner Brendan Carr said in 2021 the FCC had approved more than 3,000 applications from Huawei since 2018.

The FCC action would prohibit all future authorisations for communications equipment deemed to pose an unacceptable risk to national security.

In 2019, the United States placed Huawei, Hikvision and other firms on its economic blacklist.

Also in 2020, the FCC designated Huawei and ZTE as national security threats to communications networks — a declaration that barred the US companies from tapping an $8.3 billion (nearly Rs. 68,300) government fund to purchase equipment from the companies.

Earlier this year, the Chinese embassy in Washington said the FCC “abused state power and maliciously attacked Chinese telecom operators again without factual basis.”

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.