Search Results for “Wall Street Journal”


April 9, 2020
Anna Isaac, Caitlin Ostroff and Bradley Hope / Wall Street Journal

Anna Isaac, Caitlin Ostroff and Bradley Hope / Wall Street Journal  
Travelex Paid Ransomware Hackers $2.3 Million in Bitcoin After Its Crippling New Year’s Attack, Source

London-based foreign exchange company Travelex, which was crippled on New Year’s Eve and into the first weeks of 2020 by a ransomware attack, paid the ransomware hackers the equivalent of $2.3 million using 285 bitcoin to make the problem go away and retrieve their encrypted files, according to a person familiar with the transaction. Travelex was hit with ransomware called Sodinokibi, also commonly referred to as REvil or Sodin. The company was forced to take its internal networks and customer-facing systems offline for many weeks after the attack. The incident disrupted cash deliveries from Travelex’s global network of vaults to divisions of major international banks including Barclays and Lloyds Banking Group in the U.K. A group of hackers who claimed responsibility for the Travelex attack said in an online discussion with The Wall Street Journal in January that they had received the bitcoin payment. Most law enforcement agencies, including the U.K.’s National Crime Agency, advise against paying ransomware attackers.

Related: Graham Cluley, BleepingComputer.com, The Next Web, SiliconANGLE, Security Affairs, Reddit – cybersecurity

Tweets:@ceostroff @elizabethrkoh @GossiTheDog


April 22, 2020
Robert McMillan / Wall Street Journal

Robert McMillan / Wall Street Journal  
iPhone Zero-Day Flaw That Requires Only Specially Crafted Messages to Gain Phone Access Has Been Exploited for Two Years by Sophisticated Attackers, Researchers

In attacks that go back two years, iPhones have been exploited by sophisticated hackers who leveraged a zero-day flaw in the smartphone’s email software, according to digital security firm ZecOps. The hackers gained access to the phones by merely sending a specially crafted message, which triggers the attack when the phone’s email reader downloads the message. ZecOps wasn’t able to obtain the malware itself but based it determinations on the digital clues left after the attacks. The attacks were virtually undetectable due to the sophistication of the attackers and Apple’s efforts to make investigating the device difficult. The researchers were able to identify six targets of these attacks including employees of a telecommunications company in Japan, a large North American firm, technology companies in Saudi Arabia, and Israel, a European journalist and an individual in Germany. Apple has patched the mail bug in a test version of its iPhone operating system, but the fix hasn’t yet been widely released through an official IOS update.

Related: Motherboard, iMore, Security Affairs, The Hacker News, ZDNet Security, AppleInsider, iPhone Hacks, Cult of Mac, Reuters: Top News, Tech Insider, Cybersecurity Insiders, Inc.com, Engadget, The Register – Security, MobileSyrup.com, Tenable Blog, Cyber Kendra, MacRumors, CNET, PhoneArena, Security News | Tech Times, HotHardware.com, TechCrunch, Apple InsideriMore, iPhone Hacks, Threatpost, iDownloadblog, PYMNTS.com, Fortune, 9to5Mac, Malwarebytes Unpacked, Malwarebytes Unpacked, SiliconANGLE, MacDailyNews, ZDNet Security, Law & Disorder – Ars Technica, The Hill: Cybersecurity, The Inquisitr News, Mashable, Reuters, iTnews – Security, Patently Apple, Japan Today, Wall Street Journal, ARN, The Verge, VentureBeat, Japan Times, Fortune, Motley Fool, The Hacker News, MobileSyrup.com, Security Affairs, Jerusalem Post

Tweets:@ZecOps @kennwhite @AntivirusLV

Motherboard: Researchers Say They Caught an iPhone Zero-Day Hack in the Wild
iMore: An iOS vulnerability may have been exploited to spy on Uyghur population
Security Affairs: A new Insomnia iOS exploit used to spy on China’s Uyghur minority
The Hacker News: New iPhone Hack is Being Exploited to Spy Uyghurs Muslims in China
ZDNet Security: Apple investigating report of a new iOS exploit being used in the wild
AppleInsider: Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta
Cult of Mac: iPhone vulnerability let hackers attack devices through Mail app
Reuters: Top News: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Tech Insider: Hackers may be attacking iPhones by sending emails that can infect phones without you even opening the email (AAPL)
Cybersecurity Insiders: Apple iPhones are vulnerable to Email hacks
Inc.com: Apple Mail Bug Lets Hackers Control Your iPhone
Engadget: Apple Mail for iPhone may be vulnerable to malware attacks
The Register – Security: Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch
MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS
Tenable Blog: Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild
Cyber Kendra: Hack iPhone With Just a Single Mail—Zero-day Bug
MacRumors: Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta
CNET: Mail app on iPhone may be vulnerable to email hack, report says
PhoneArena: “Scary” vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon
Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data
HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions
TechCrunch: A new iPhone email security bug may let hackers steal private data
Apple Insider : Two Apple Mail vulnerabilities being used to target iPhone, iPad users
iMore: A new security vulnerability has been discovered in the default Mail app
iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta
Threatpost : Apple Patches Two iOS Zero-Days Abused for Years
iDownloadblog : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch
PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack
Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app
9to5Mac : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release
Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks
SiliconANGLE: Hackers spotted using new iPhone vulnerability in email-borne cyberattacks
MacDailyNews: Apple investigating report of a new iOS email exploit being used in the wild
ZDNet Security: Apple investigating report of a new iOS exploit being used in the wild
Law & Disorder – Ars Technica: A critical iPhone and iPad bug that lurked for 8 years may be under active attack
The Hill: Cybersecurity: Vulnerabilities on iPhones, iPads allowed hackers to access data for years: report
The Inquisitr News: Flaws In iPhone Design Have Allowed Hackers To Steal Information For Years
Mashable: Newly disclosed iPhone vulnerability means emails are an even bigger risk
Reuters: Flaw in iPhone, iPads may have allowed hackers to steal data for years
iTnews – Security: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Patently Apple: Apple is planning to fix a Security Flaw that was first discovered by a former Israeli Defense Force security researcher
Japan Today: Flaw in iPhone, iPads may have allowed hackers to steal data for years
Wall Street Journal: Apple iPhone May Be Vulnerable to Email Hack
ARN: Apple moves to fix flaw affecting up to 500M iPhones
The Verge: Apple’s default Mail app for the iPhone has a severe security flaw, researchers claim
VentureBeat: Researchers find actively exploited iOS flaws that were open for years
Japan Times: Apple iPhones and iPads vulnerable to hackers by flaws in mail app
Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app
Motley Fool: iPhone Flaw Allowed Hackers to Steal Data for Years
The Hacker News: Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails
MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS
Security Affairs: Hacking Apple iPhones and iPads by sending emails to the victims
Jerusalem Post: Israeli security company finds vulnerable flaw in iPhones, iPads

@ZecOps: Hackers may be attacking iPhones by exploiting a previously unknown flaw in the smartphone’s email software, according to digital-security company @ZecOps https://wsj.com/articles/apple-iphone-may-be-vulnerable-to-email-hack-11587556802 via @WSJ
@kennwhite: MacRumors Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta San Francisco-based cybersecurity company ZecOps today announced that it has uncovered two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices, as noted by Motherbo + Related: CERT-EU , CERT-EU , The Register - Security, The Register - Security, Techmeme Chatter (@TechmemeChatter) | Twitter, Techmeme Chatter (@TechmemeChatter) | Twitter, MobileSyrup.com, Tenable Blog, Cyber Kendra, Techmeme Chatter (@TechmemeChatter) | Twitter, GeekWire, GeekWire, CERT-EU , MacRumors, CERT-EU , CNET, CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , PhoneArena, PhoneArena, Security News | Tech Times, Security News | Tech Times, HotHardware.com, HotHardware.com, CERT-EU , TechCrunch, TechCrunch, CERT-EU , iMore, CERT-EU , iMore, CERT-EU , CERT-EU , iPhone Hacks, iPhone Hacks, iPhone Hacks, iPhone Hacks, CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , CERT-EU , PYMNTS.com, Fortune, GeekWire, CERT-EU , CERT-EU , CERT-EU , CERT-EU , PYMNTS.com, Malwarebytes Unpacked, Malwarebytes Unpacked, Malwarebytes Unpacked, Malwarebytes Unpacked Related: CERT-EU : Zero-click, zero-day flaw in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch CERT-EU : Zero-click, zero-day flaw in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch The Register - Security: Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch The Register - Security: Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch Techmeme Chatter (@TechmemeChatter) | Twitter: @kennwhite: - beta patch released by Apple- attack is fairly advanced, but actual exploit appears to be POC-grade - multiple delivery methods including large mail but also multi-part & rich text format hacks- full report, with IOCs and FAQ from @ZecOps:ht Techmeme Chatter (@TechmemeChatter) | Twitter: @kennwhite: - beta patch released by Apple- attack is fairly advanced, but actual exploit appears to be POC-grade - multiple delivery methods including large mail but also multi-part & rich text format hacks- full report, with IOCs and FAQ from @ZecOps:ht MobileSyrup.com: Security researchers uncovered vulnerabilities in Apple’s default Mail app on iOS Tenable Blog: Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild Cyber Kendra: Hack iPhone With Just a Single Mail—Zero-day Bug Techmeme Chatter (@TechmemeChatter) | Twitter: @TheRegister: Zero-click, zero-day flaw in iOS Mail exploited to hijack VIP smartphones. Apple rushes out beta patch https://t.co/r7OWryABPq GeekWire: Zero-click, zero-day flaws in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch GeekWire: Zero-click, zero-day flaw in iOS Mail ‘exploited to hijack’ VIP smartphones. Apple rushes out beta patch CERT-EU : Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta MacRumors: Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta CERT-EU : Apple Patches Two Security Vulnerabilities Impacting Mail App in iOS 13.4.5 Beta CNET: Mail app on iPhone may be vulnerable to email hack, report says CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Apple iPhones are vulnerable to Email hacks CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users PhoneArena: "Scary" vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon PhoneArena: "Scary" vulnerability found in the iPhone/iPad Mail app; Apple says patch is coming soon Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data Security News | Tech Times: Disable iPhone Mail App Now! Security Alerts Users on New Apple Scam That Steals Data HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions HotHardware.com: Apple iPhone Mail App Zero-Day Security Exploit Potentially Exposed Private Data Of Millions CERT-EU : iPhone's Mail app has two severe "zero-click" vulnerabilities that have existed for 8 years TechCrunch: A new iPhone email security bug may let hackers steal private data TechCrunch: A new iPhone email security bug may let hackers steal private data CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users iMore: A new security vulnerability has been discovered in the default Mail app CERT-EU : A new security vulnerability has been discovered in the default Mail app iMore: A new security vulnerability has been discovered in the default Mail app CERT-EU : Session hijacking & malware injection vulnerabilities found in Apple Mail app and AirShare affecting iPhone, iPad & Mac CERT-EU : Session hijacking & malware injection vulnerabilities found in Apple Mail app and AirShare affecting iPhone, iPad & Mac iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta iPhone Hacks: Apple Patches Mail App Related Security Vulnerabilities in Latest iOS 13.4.5 Beta CERT-EU : Apple Patches Two iOS Zero-Days Abused for Years CERT-EU : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch CERT-EU : Researchers discover a pair of security vulnerabilities in the iOS Mail app, Apple is working on a patch CERT-EU : Two Apple Mail vulnerabilities being used to target iPhone, iPad users CERT-EU : Apple Mail Vulnerabilities Found Could Lead To Attacks On iPhone Users CERT-EU : Apple Mail Vulnerabilities Found Could Lead To Attacks On iPhone Users PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack Fortune: Apple iPhones, iPads are vulnerable to hackers through flaws in email app GeekWire: iOS Mail bug allows remote zero-click attacks CERT-EU : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release CERT-EU : Report: iPhone Mail app zero-day exploits found in the wild, Apple has fix coming in next public iOS release CERT-EU : Hack iPhone With Just a Single Mail—Zero-day Bug CERT-EU : Hack iPhone With Just a Single Mail—Zero-day Bug PYMNTS.com: Apple iOS May Be Vulnerable To Zero-Click Email Hack Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks Malwarebytes Unpacked: iOS Mail bug allows remote zero-click attacks
@AntivirusLV: Researchers are reporting two Apple #iOS 0-day security #vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta. A final release of iOS 13.4.5 is expected soon.


March 11, 2020
Dustin Volz / Wall Street Journal

Dustin Volz / Wall Street Journal  
Cyberspace Solarium Commission Report Calls for Radical Changes in U.S. Approach to Cybersecurity Threats

The U.S. needs to radically change its approach to cybersecurity threats, according to the Cyberspace Solarium Commission, a congressionally mandated body formed last year and led by bipartisan members of Congress and current and former officials from various federal agencies. Following months of study, the report calls for changes ranging from modifications of existing functions to the substantial overhaul of the federal government.  One recommendation urges the creation of new committees in Congress dedicated solely to cybersecurity. At the same time, another recommendation calls for the creation of a Senate-confirmed post of national cyber director in the White House. One theme of the report is that successive presidential administrations have largely failed to deter Russia, China, and other adversaries, including criminal groups, from carrying out increasingly debilitating cyberattacks.

Related: Washington Post – Cybersecurity 202, Wired, Inside CybersecurityInsideDefense.com, The Crime Report, Cyberspace Solarium Commission, The SIGNAL Blog, Fifth Domain | Cyber, CNET, Cyberscoop, Fortune, Protocol


March 30, 2020
Byron Tau / Wall Street Journal

Byron Tau / Wall Street Journal  
U.S. Government Aims to Create a Portal for Federal, State and Local Officials Containing Geolocation Data on U.S. Residents Obtained from Mobile Advertisers in Order to Manage Coronavirus Spread

The federal government, through the Centers for Disease Control and Prevention, and state and local governments have started to receive analyses about the presence and movement of people in certain areas of geographic interest drawn from cellphone data, sources familiar with the project say. The goal is to create a portal for federal, state, and local officials that contains geolocation data in what could be as many as 500 cities across the U.S. The data comes from the mobile advertising industry rather than the cell phone carriers themselves. The supposedly anonymized data could help officials learn how coronavirus is spreading around the country and help blunt its advance. The data can show which locations are attracting visitors and can reveal general levels of compliance with stay-at-home or shelter-in-place orders.

Related: Security – Computing, Just Security, Computer Business Review, Naked Security, Android Authority, MacRumors, Tech Insider


April 9, 2020
Dustin Volz / Wall Street Journal

Dustin Volz / Wall Street Journal  
U.S. and British Cybersecurity Authorities Warn of Increasing Scams and Phishing Threats by APT Actors, Cybercriminals Exploiting COVID-19 Fears

U.S. and British cybersecurity authorities warned in a special alert that cybercriminals are increasingly exploiting fears surrounding COVID-19 to target individuals and businesses with scams and phishing threats. The joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) advises that growing use of COVID-19-related themes by malicious cyber actors combined with the mass advent of teleworking amplifies the threat to individuals and organizations. These efforts include actions by both nation-state advanced persistent threat groups as well as common cybercriminals.

Related: France24, Cyberscoop, Defense Daily, The HillMeritalk, Homeland Security Today, CISA, CSO Online


March 10, 2020
Anna Wilde Mathews and Melanie Evans / Wall Street Journal

Anna Wilde Mathews and Melanie Evans / Wall Street Journal  
New Federal Rules Make It Easier for Patients to Share Health Data With Apps and Doctors, Could Force More Disclosure About Apps’ Privacy Policies

New federal rules issued by two different agencies within the Department of Health and Human Services include provisions that make it easier for patients to share personal health data with apps, doctors, and hospitals.  The new rules also mandate changes that could force more disclosure to consumers about apps’ privacy policies, according to federal officials who have seen them. The main new rule sets technical standards that will allow app developers or others with authorization to connect digitally with hospitals and doctors’ offices and pull data such as medications, lab test results and vital signs including blood pressure, potentially paving the way for a single app to arise that organizes all of a patient’s health data.

April 27, 2020
Kate O'Keeffe / Wall Street Journal

Kate O'Keeffe / Wall Street Journal  
FCC Orders Four Chinese State-Owned Telecom Companies to Defend Themselves Against Allegations They Are Controlled by Chinese Government

The Federal Communications Commission (FCC) ordered four Chinese state-owned telecommunications operators, China Telecom, China Unicom, Pacific Networks, and ComNet, to explain why it shouldn’t withdraw permission for them to operate in the U.S., paving the way for likely license revocations. Both Pacific Networks and ComNet are controlled by the Chinese corporation Citic Group. The FCC said its orders “the companies to demonstrate that they are not subject to the influence and control of the Chinese government.” The FCC further instructed China Telecom to respond to allegations made against it by other U.S. regulators who this month accused it of presenting national security risks and who recommended its licenses to operate in the U.S. be revoked. The concern surrounding all these potential license revocations is that the firms will embed surveillance or other malware into their wares to spy on American government offices or private firms.

May 2, 2020
Timothy Puko, Rebecca Smith / Wall Street Journal

Timothy Puko, Rebecca Smith / Wall Street Journal  
White House Issues Executive Order to Limit Use of Foreign-Supplied Components in Nation’s Bulk-Power System Due to Fears of Russian, Chinese Cyberattacks

The White House issued an executive order, the Executive Order on Securing the United States Bulk-Power System,  intended to limit the use of foreign-supplied components in the nation’s electric grid, declaring that the use of these components poses an “extraordinary threat to national security.” The order stems from the intelligence community’s belief that foreign adversaries including Russia and China have secured hidden footholds in the electric system and could use that access to cause blackouts at some future date.  In effect, saying that utilities must cede control over their purchases, the order declares a national emergency and asserts federal oversight over private utility purchases of gear from suppliers deemed controlled or influenced by foreign adversaries.  The order gives Energy Secretary Dan Brouillette, in consultation with other officials, including the secretary of defense and head of national intelligence, the ability to help retool the defenses of the electric grid. The Energy Department will focus on control centers and the software they use to manage flows of electricity, protective relays, voltage regulators, transformers, and automatic circuit reclosers.

Related: Reddit – cybersecurity, ZDNet Security, Cyberscoop, PCMag, NextGov, Defense Daily Network, The Hill: Cybersecurity, Reuters: U.S., WhiteHouse.gov


December 17, 2018
Joseph Cox / Motherboard

Joseph Cox / Motherboard  
PewDiePie Supporters Hack Wall Street Journal Outsourced Sponsored Content Page And Post Fake Apology

PewDiePie supporters hacked The Wall Street Journal’s website and defaced a page on the website a fake apology supporting YouTube megastar PewDiePie. The paper had previously reported that Felix Kjellberg, known as “PewDiePie,” shared anti-semitic messages with his tens of millions of subscribers. The defaced page’s message also referenced the ongoing rivalry between  Kjellberg and rival YouTube channel T-Series. The page appeared on an outsourced sponsored content section of the site and is not run by The Wall Street Journal newsroom.