Search Results for “Lily Hay Newman”

April 23, 2020
Lily Hay Newman / Wired

More Than Twelve State-Sponsored Hacking Groups Use Coronavirus Phishing Emails to Lure Victims, Distribute Malware, Google

More than twelve state-sponsored hacking groups are using the coronavirus to craft phishing emails and attempt to distribute malware, Google’s Threat Analysis Group (TAG) reports. Google says its security systems have detected “examples ranging from fake solicitations for charities and NGOs to messages that try to mimic employer communications to employees working from home to websites posing as official government pages and public health agencies.” One notable campaign tried to target the personal accounts of U.S. government employees with phishing lures using American fast-food franchises and COVID-19 messaging, offering free coupons and suggesting the victims visit free food delivery sites. Google has also seen nation-states posing as health organizations as well as targeting health organizations directly.

Related: Mashable, Boing Boing, Google, iTnews – Security, Reuters: Business News, Engadget, The Hill, RAPPLER, SecurityWeek, Digital Journal

Tweets: @mrisher @ryanaraine

March 24, 2020
Lily Hay Newman / Wired

Google Removed Over Fifty Apps From Its Play Store That Are Part of New Adware Family Tekya, Twenty-Four Apps Were Specifically Aimed at Children

At the beginning of March, Google removed 56 applications from its Play Store that had been downloaded almost a million times and are part of a new malware family dubbed ‘Tekya’ by the Check Point researchers who discovered the apps. The apps appeared benign but were tainted with adware. Although more than half the apps claimed to be simple utilities like calculators, translation tools, or cooking apps, twenty-four were explicitly targeted at kids, offering child-appealing options such as puzzles and racing games.

Related: Engadget, Cyberscoop, Check Point Research, The Next Web, BetaNews, The Hacker News

Tweets: @TheHackersNews @TheHackersNews

May 24, 2020
Lily Hay Newman / Wired

Just-Released iOS Jailbreak Is Based on Zero-Day Flaw and Works on All Recent Versions, Apple Will Likely Take Weeks to Issue Fix

The jailbreaking team Unc0ver released a tool that will jailbreak all versions of iOS from 11 to 13.5. It is a jailbreak built on the first zero-day vulnerability in years, and Unc0ver did not disclose its findings to Apple in advance, meaning that there’s no patch coming in the next few days that will block the jailbreak. Security researchers who have tested it say it’s stable. The flaw resides in iOS’s kernel. Unc0ver’s lead developer Pwn20wnd and independent iOS security researchers estimate that it will take Apple two to three weeks minimum to prepare a fix unless they have already found the bug independently.

Related: ZDNet Security, WIRED, iPhone Hacks, Softpedia News, Big News Network, xda developers, iMore, TechCrunch, Slashdot, Reddit-hacking, TechWorm, The Verge, Softpedia News, AppleInsider, iPhone Hacks, Security Affairs, iTnews – Security

Tweets: @Pwn20wnd @malwarejake @HiMyNameIsUbik

ZDNet Security: New Unc0ver jailbreak released, works on all recent iOS versions
Joseph Cox – VICE: Hackers Just Dropped a Jailbreak They Say Works for All iPhones
iPhone Hacks: How to Jailbreak iOS 13.5 on iPhone or iPad Using Unc0ver Jailbreak
Softpedia News: You Can Now Jailbreak Any iPhone Running iOS 13.5
Big News Network: Hackers release a new jailbreak that unlocks every iPhone TechCrunch
xda developers: New unc0ver exploit allows jailbreaking Apple iPhone and iPads running iOS/iPadOS 12 to 13.5 – XDA Developers
iMore: Does ExpressVPN work with Apple TV?
TechCrunch: Hackers release a new jailbreak that unlocks every iPhone
Slashdot: Newly-Released Jailbreak Tool Can Unlock Every iPhone and iPad
Reddit-hacking: New Unc0ver jailbreak released, works on all recent iOS versions | ZDNet
TechWorm: Hackers Release A New JailBreak That Works On All Recent iOS Versions
The Verge: New jailbreak tool works on Apple’s just-released iOS 13.5
AppleInsider: Hackers release ‘unc0ver’ 5.0 jailbreak tool that works on iOS 13.5
iPhone Hacks: iOS 13.5 Unc0ver 5.0 Jailbreak For All iPhones and iPads Released
Security Affairs: Unc0ver is the first jailbreak that works on all recent iOS versions since 2014
iTnews – Security: Unc0ver jailbreak opens up Apple iOS 11 to 13.5

@Pwn20wnd: #unc0ver v5.0.0 will be the first 0day jailbreak released since iOS 8! Every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware. This will be a big milestone for jailbreaking.
@malwarejake: I remember when people thought it was cool to jailbreak a device for daily use. The only reason we jailbreak anything today is for security testing. I can't imagine wanting a device I can't patch anymore, especially as Zerodium is signalling too many vulns
@HiMyNameIsUbik: So happy to be a part of the @unc0verTeam and creating the UI for the #unc0ver jailbreak. Thanks @Pwn20wnd ! May you find many more 0days and hack many future iOS versions.

May 20, 2020
Lily Hay Newman / Wired

Nigerian Cybercriminal Group Scattered Canary Has Stolen Hundreds of Thousands in Scam Unemployment, COVID-19 Relief Payments

An actor within the Nigerian cybercriminal group Scattered Canary is filing fraudulent unemployment claims and receiving benefits from multiple states, while also receiving Cares payouts from the Internal Revenue Service, researchers at Agari report. The Secret Service last week warned of a scheme to defraud state and federal authorities of employment funds. The Scattered Canary scheme has netted hundreds of thousands of dollars in scam payments. Regular unemployment, the extra $600 per week that out-of-work Americans can claim during the pandemic, and the one-time $1,200 payment eligible adults are receiving under the Cares Act are all vulnerable targets for cybercriminals. Agari researchers say that Scattered Canary, which is a full-service business email compromise operation, has filed at least 174 fraudulent unemployment claims in Washington since April 29 and 17 fraudulent claims in Massachusetts on May 15 and 16 that were all accepted.

May 9, 2020
Lily Hay Newman / Wired

In-Person DEFCON and Black Hat Conferences Are Canceled This Year For Real, DEFCON Will Continue in ‘Safe Mode’ Virtual Format

After the infosec community joked for years that DEFCON, the preeminent hacker conference held every year in Las Vegas, would be canceled, the in-person version of DEFCON, along with the in-person version of its sister conference Black Hat, has been canceled for real this year due to the coronavirus. Both events will now shift to virtual mode. The founder of both events, Jeff Moss, also known as the Dark Tangent, said in a forum post that the 28th Defcon would be known as “Safe Mode,” a play on what most operating systems use for their diagnostic and recovery mode. The conference organizing team will begin to coordinate talks, help facilitate subject-specific “villages” that are usually independent in-person events, and host events like remote capture-the-flag hacker challenges, remote Ham radio licensure exams, movie nights, and a Mystery Challenge.

Related: Dark Tangent, Reddit – cybersecurity, ZDNet, Neowin, Slashdot

Tweets: @defcon @harrihursti @steve_tornio @runasand @tactifail @racheltobac @marcwrogers @find_evil @snubs @hacks4pancakes

Dark Tangent: DEF CON 28 has entered “Safe Mode with Networking” I have shut down the in person conference
Reddit-hacking: Black Hat and DEF CON security conferences to take place in a virtual format | ZDNet Black Hat and Def Con security conferences go virtual due to pandemic
ZDNet: Black Hat and DEF CON security conferences to take place in a virtual format
Neowin: DEF CON 2020 to take place online on Discord, Las Vegas conference cancelled
Slashdot: In-Person DEF CON 28 Event Is Canceled

@defcon: The @thedarktangent blog post on the #defconiscancelled situation is here: Please read and share. Thank you. #defconlovesyou #StaySafe
@harrihursti: In-person @DEFCON is officially cancelled. The annual hoax announcement is not a hoax this time. @VotingVillageDC will organize a virtual event. Stay tuned!
@steve_tornio: Defcon and Black Hat may be cancelled, but MGM and Caesars staff will still be coming to your house unannounced to rifle through your things.
@runasand: Do I need a burner phone for virtual defcon or no
@tactifail: Interesting thing about @defcon 28. If you look at the ASCII table, you’ll notice that there is no octal value for 28 because 28 in octal doesn’t exist; it goes right from 027 to 030. 030 is the CAN character. For “canceled”. Coincidence? I think not.
@racheltobac: With the number of folks buying @defcon swag on eBay right now I’m just going to come right out and say that we should keep our heads on a swivel for an “eBay package delay” phish. It won’t be from me, but I bet we’ll see at least one in the community 🤖🤘🎣
@marcwrogers: DEF CON is officially cancelled. we will be putting on an online event instead. Details in the post. #DEFCON #DEFCONisCANCELLED
@find_evil: #DEFCON may be canceled IRL for the first time ever but the virtual event will still proceed — and I, for one, am looking forward to it
@snubs: YALL. DEF CON is actually, really cancelled. #defcon @defcon Everyone in charge made the right choice. Thank you @thedarktangent and all involved for considering our health and safety a priority.
@hacks4pancakes: What’s something good you hope comes out of @defcon Safe Mode? Positive thoughts and ideas only. Go!

May 7, 2020
Lily Hay Newman / Wired

GitHub Makes Its Automated Scanning Tools Available to Spot Vulnerabilities in Open Source Projects on Its Platform

Microsoft-owned code repository GitHub is making automated scanning available as part of its GitHub Advanced Security suite, which will make it easier to root out vulnerabilities in the open source projects managed on its platform. The new features, code scanning and secret scanning, are currently in beta and leverage the CodeQL code analysis engine, which has been offered for free to open source projects as part of an initiative announced by GitHub last year.

April 20, 2020
Lily Hay Newman / Wired

Cloudflare Launches Site to Promote Awareness of Internet Providers’ Unstable BGP Practices

Because disruptions in the internet data routing standard Border Gateway Protocol (BGP) have allowed significant amounts of web traffic to take unexpected detours through foreign infrastructure, Cloudflare has launched “Is BGP Safe Yet?,” a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable. Cloudflare estimates that about half of the internet is better protected from these disruptions due to efforts from major companies such as AT&T, the Swedish telecom Telia, and the Japanese telecom NTT adopting BGP improvements. However, other major internet companies such as Comcast have failed to implement the necessary BGP protection, and Cloudflare seeks to raise awareness of these failings with its new site.

November 22, 2019
Lily Hay Newman / Wired

Massive Trove of Information on 1.2 Billion People Found Exposed on an Unsecured Server, Provides Rich Resource for Hackers to Impersonate or Hijack People’s Accounts

A trove of aggregated consumer data was sitting exposed and easily accessible on an unsecured server, comprising four terabytes of personal information, encompassing 1.2 billion records in all, dark web researcher Vinny Troia discovered. The data does not include sensitive information like passwords, credit card numbers, or Social Security numbers. But it does provide hackers with a rich resource for impersonating or hijacking people’s accounts. It contains profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses. The IP address for the server containing the data simply traced to Google Cloud Services, making it hard to determine the owner.  Three of the data sets come from a data broker based in San Francisco called People Data Labs, which claims to have data on 1.5 billion people for sale. One of the data sets might belong to Wyoming-based data broker Oxydata, which claims to have 4 TB of data, including 380 million profiles on consumers and employees in 85 industries and 195 countries around the world. Neither data broker claims to be the owner of the trove. Troia provided information from the trove to Hunt for HaveIBeenPwned. In all, Hunt added more than 622 million unique email addresses and other data to his repository and is currently notifying the HaveIBeenPwned network. Troia reported the exposure to contacts at the Federal Bureau of Investigation, and within a few hours, someone pulled the server and the exposed data offline.

Related: Data Viper, Android Central, SC Magazine, CNET, Security Affairs, Daily Mail, Mashable, Solutions Review, Dark Reading, Reddit – cybersecurity, DataBreachToday.com, RT News, The Mac Observer

Tweets: @lilyhnewman @pseudohvr @vinnytroia @DataViperIO @gabsmashh @brysonbort

Data Viper: Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak
Android Central : OnePlus security breach leaks emails, phone numbers and addresses Google Cloud Server Left A Billion Users’ Info Vulnerable Mysterious User Hoarded Records on 1.2B People Via Leaky Database
SC Magazine: Unsecured server exposes 4 billion records, 1.2 billion people | SC Media
CNET: 1.2 billion records exposed in unsecured database
Security Affairs: Personal and social information of 1.2B people exposed on an open Elasticsearch install
Daily Mail: Profiles of 1.2 billion people are discovered on the dark web in an unsecure server
Mashable: Absolutely humongous data breach exposes more than a billion records
Solutions Review: 1.2 Billion Records Exposed in Historic Server Leak: What We Know
Dark Reading: 1.2B Records Exposed in Massive Server Leak
Reddit – cybersecurity: 1.2 Billion records found exposed online in a single server. Unsecured Server Exposed Records of 1.2 Billion: Researchers
RT News: 1.2 BILLION people’s data – including social media profiles and contact info – found on unsecured Google Cloud server
The Mac Observer: Database of 1.2 Billion Records Found With Scraped Data

@lilyhnewman: “Given the proliferation, just how much data is out there, somebody is going to find a way to exploit even the most mundane items of information” @pseudohvr
@pseudohvr: Excellent article from @WIRED’s @lilyhnewman . One of my big takeaways after chatting was to not sit idly by with a “meh, so what” attitude towards even small bits of information being leaked. It’s YOUR data. And it can be used against you.
@vinnytroia: Info on 1.2 Billion users exposed online. Includes personal info, @facebook @Twitter and @LinkedIn profiles. #databreach @DataViperIO
@DataViperIO: Read our official analysis on the 1.2 Billion exposed used records. #databreach @vinnytroia @MayhemDayOne @troyhunt
@gabsmashh: sooo...a breach of compiled, already-publically-available data?
@brysonbort: So... someone discovered what we used to call... a phone book?

September 25, 2019
Lily Hay Newman / Wired

After a Few Missteps, Cloudflare Relaunches Warp, a Streamlined Alternative to Buggy VPNs

Cloudflare, which in April announced Warp, a streamlined alternative to the buggy, slow, and frustrating options that make up most of the mobile VPN market, has finally relaunched the VPN following a few missteps that left Warp with the same problems as other VPNs. Between then and now, the waitlist of users who want Warp grew to two million. The VPN builds on Cloudflare’s existing mobile app, which encrypts “domain name system” connections so that internet service providers or other lurkers can’t see which websites users access. It also offers end-to-end encryption to the web server and back, and it does so quickly without draining batteries. It also offers an easy set-up.

June 27, 2019
Lily Hay Newman / Wired

Excel Feature Called Power Query Can Be Abused to Launch Office 365 System Attacks

An Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks, threat intelligence firm Mimecast reports. Power Query is a business intelligence (BI) tool that lets users integrate their spreadsheets with other data sources, such as an external database, text document, another spreadsheet, or a web page. It is the mechanism for linking out to other components in Power Query that can be abused to link to a page that contains malware. Mimecast developed a technique that can allow attackers to launch a Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload through Power Query. Last week, Microsoft’s own security intelligence team warned that attackers are actively exploiting Excel macros, application tools to enhance functionality, to launch malware. The Redmond giant says that both macros and Power Query can be controlled using an Office 365 management feature called “group policies,” where users can disable certain features to stay safe.