China

Did A Chinese State-Sponsored Group Breach Taiwan's Semiconductor Industry? (arstechnica.com) 15

At the Black Hat security conference, researchers from the Taiwanese cybersecurity firm CyCraft revealed at least seven Taiwanese chip firms have been breached over the past two years, reports Wired: The series of deep intrusions — called Operation Skeleton Key due to the attackers' use of a "skeleton key injector" technique — appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. And while CyCraft has previously given this group of hackers the name Chimera, the company's new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom. "This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation...

The researchers found that, in at least some cases, the hackers appeared to gain initial access to victim networks by compromising virtual private networks, though it wasn't clear if they obtained credentials for that VPN access or if they directly exploited vulnerabilities in the VPN servers. The hackers then typically used a customized version of the penetration testing tool Cobalt Strike, disguising the malware they planted by giving it the same name as a Google Chrome update file. They also used a command-and-control server hosted on Google's or Microsoft's cloud services, making its communications harder to detect as anomalous....

Perhaps the most remarkable of those new clues came from essentially hacking the hackers. CyCraft researchers observed the Chimera group exfiltrating data from a victim's network and were able to intercept an authentication token from their communications to a command-and-control server. Using that same token, CyCraft's analysts were able to browse the contents of the cloud server, which included what they describe as a "cheat sheet" for the hackers, outlining their standard operating procedure for typical intrusions. That document was notably written in simplified Chinese characters, used in mainland China but not Taiwan...

"It's possible that what they're seeing is just a small fragment of a larger picture," says the director of Kaspersky's Global Research & Analysis Team, who tells Wired the group has also attacked telecoms, tech firms, and a broad range of other Taiwanese companies.

But in the same article one of CyCraft's researchers argues the group could be looking for even more exploits. "If you have a really deep understanding of these chips at a schematic level, you can run all sorts of simulated attacks on them and find vulnerabilities before they even get released."

Encryption

Zoom Sued By Consumer Group For Misrepresenting Its Encryption Protections (washingtonpost.com) 11

A consumer advocacy group is suing Zoom and seeking millions of dollars in damages, accusing the company of misleading its users about the strength of its encryption protections. From a report: The nonprofit group Consumer Watchdog is also accusing the videoconferencing company of deceiving users about the extent of its links with China and the fact that some calls between people in North America were routed through servers in China. That raises the danger Beijing could steal or demand access to the contents of those calls, according to a copy of the lawsuit, which was shared exclusively with The Cybersecurity 202.

Those phony claims "lull[ed] consumers and businesses into a false sense of security" and helped Zoom to soar in popularity during the early months of the pandemic, according to the lawsuit, which was filed late yesterday in Washington D.C. Superior Court. The consumer group fears that if Zoom isn't punished, other companies will be incentivized to make false claims about their security and privacy protections to attract users and stand out against competitors.

Android

Android's 'Nearby Share' File Sharing Feature is Finally Launching (theverge.com) 27

It will finally be slightly easier to share files, images, links, and other content between Android devices. Google is launching a new Android feature called "Nearby Share" that enables direct sharing between any device running Android 6 and up. Nearby Share is already available on some Pixel and Samsung phones, and Google says it'll arrive on other devices "over the next few weeks." From a report: Nearby Share works very much like Apple's AirDrop feature for the iPhone: you simply select the Nearby Share button on the share menu and then wait for a nearby phone to appear. Then whatever thing you're sharing is sent directly over your transfer method of choice to the other phone. As with AirDrop, you can set your preferred visibility for Nearby Share to different levels of contacts: all, some, or stay hidden. Google says it's even possible to "send and receive files anonymously." (Welcome to AirSlothing, Android users.) Nearby Share also shares files directly via whatever method your two phones deem is fastest: "Bluetooth, Bluetooth Low Energy, WebRTC or peer-to-peer Wi-Fi," which Google says should allow it to work offline.

China

Larry King Duped Into 'Disinfomercial' on Social Media By China (and Possibly Russia) (propublica.org) 100

For 25 years, until 2010, Larry King had a live interview show on CNN. But now ProPublica reports "In the twilight of a remarkable radio and television career spanning more than six decades, battling health problems but determined to stay in the public eye, King was ensnared in an international disinformation scheme."

It involved filming Larry King asking questions, and then later splicing in responses from Anastasia Dolgova (an employee of a Russia state-owned broadcaster) — and then widely promoting the footage on social media: Posted on YouTube under the title "Larry King US China Special Conference 2019," and quickly spread by social media accounts linked to Chinese government influence operations, the fake interview went viral across Chinese-language social media, likely reaching hundreds of thousands of users on Twitter, Facebook and YouTube... By conveying Chinese disinformation through a journalist for Russian media, it may exemplify the increasing media cooperation between the two countries...

ProPublica found that the Chinese government was involved in distributing the video. Our analysis of data released by Twitter showed that nearly 250 fake accounts linked to China's government shared nearly 40 different links to the video a total of more than 500 times. Around half of those fake accounts had more than 10,000 followers... In September 2018, six months before King taped the Dolgova video, Putin and Chinese President Xi Jinping attended a ceremony in Vladivostok, Russia. There, the Russian state-controlled Rossiya Segodnya news agency and Chinese state-controlled China Media Group signed an agreement to cooperate in news exchange, joint reporting and distribution, and promotion of each other's reports, especially on social media...

The Russia-China partnership reflects the alignment of the two countries' political messaging, as both promote alternatives to liberal democracy in a post-Cold War world. To achieve that goal, the Kremlin is building a "global media conglomerate," said Nataliya Bugayova, a research fellow at the Institute for the Study of War, a Washington, D.C.-based think tank. Russian media outlets have signed more than 50 cooperation agreements with foreign media since 2015, she said...

In a telephone interview, King expressed remorse and bewilderment.

EU

Google Victory In German Top Court Over Right To Be Forgotten (dw.com) 23

Germany's top court handed down its first ruling since the EU's GDPR laws went into effect in mid-2018. The court "sided with Google and rejected requests to wipe entries from search results," reports German public broadcaster DW (in an article shared by long-time Slashdot reader AmiMoJo): The cases hinged on whether the right to be forgotten outweighed the public's right to know...

In the first case, a former managing director of a charity had demanded Google remove links to certain news articles that appeared in searches of his name. The articles from 2011 reported that the charity was in financial trouble and that the manager had called in sick. He later argued in court that information on his personal health issues should not be divulged to the public years later. The court ruled that whether links to critical articles have to be removed from the search list always depends on a comprehensive consideration of fundamental rights in the individual case.

A second case was referred to the European Court of Justice. It concerned two leaders of a financial services company that sought to have links to negative reports about their investment model removed. The couple had argued that the US-based websites, which came up in the searches for their names, were full of fake news and sought to market other financial services providers.

This is the first ruling by Germany's top court since the EU's general data protection regulation came into effect in 2018. It gives EU citizens extensive rights to demand corporations immediately delete personal data.

Twitter

Twitter Says High-Profile Hack Was the Result of a Phishing Attack (cnn.com) 23

Twitter said Thursday night that it has "significantly limited" access to its internal tools after it learned that the high-profile hack earlier this month affecting dozens of major accounts was the result of a phishing attack targeting the phones of a "small number of employees." From a report: "This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet. A phishing attack is a type of cyberattack in which hackers try to trick victims into opening malicious emails or links disguised as legitimate web content. In addition to clamping down on access to administrative systems, Twitter said it was also accelerating the rollout of "security work streams" that had already been in progress.

Security

Hackers Broke Into Real News Sites To Plant Fake Stories (wired.com) 67

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO. Wired reports: On Wednesday, security firm FireEye released a report on a disinformation-focused group it's calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more.

"They're spreading these stories that NATO is a danger, that they resent the locals, that they're infected, that they're car thieves," says John Hultquist, director of intelligence at FireEye. "And they're pushing these stories out with a variety of means, the most interesting of which is hacking local media websites and planting them. These fictional stories are suddenly bona fide by the sites that they're on, and then they go in and spread the link to the story."

FireEye itself did not conduct incident response analyses on these incidents and concedes that it doesn't know exactly how the hackers are stealing credentials that give them access to the content management systems that allow posting and altering news stories. Nor does it know who is behind the string of website compromises, or for that matter the larger disinformation campaign that the fake stories are a part of. But the company's analysts have found that the news site compromises and the online accounts used to spread links to those fabricated stories, as well as the more traditional creation of fake news on social media, blogs, and websites with an anti-US and anti-NATO bent, all tie back to a distinct set of personas, indicating one unified disinformation effort. FireEye's Hultquist points out that the campaign doesn't seem financially motivated, indicating a political or state backer, and notes that the focus on driving a wedge between NATO and citizens of Eastern Europe hints at possible Russian involvement.

Medicine

Misleading Virus Video, Pushed By the Trumps, Spreads Online (nytimes.com) 566

An anonymous reader quotes a report from The New York Times: In a video posted Monday online, a group of people calling themselves "America's Frontline Doctors" and wearing white medical coats spoke against the backdrop of the Supreme Court in Washington, sharing misleading claims about the virus, including that hydroxychloroquine was an effective coronavirus treatment and that masks did not slow the spread of the virus. [...] The members of the group behind Monday's video say they are physicians treating patients infected with the coronavirus. But it was unclear where many of them practice medicine or how many patients they had actually seen. As early as May, anti-Obamacare conservative activists called the Tea Party Patriots Action reportedly worked with some of them to advocate loosening states' restrictions on elective surgeries and nonemergency care. On July 15, the group registered a website called "America's Frontline Doctors," domain registration records show. One of the first copies of the video that appeared on Monday was posted to the Tea Party Patriots' YouTube channel, alongside other videos featuring the members of "America's Frontline Doctors."

The video did not appear to be anything special. But within six hours, President Trump and his son Donald Trump Jr. had tweeted versions of it, and the right-wing news site Breitbart had shared it. It went viral, shared largely through Facebook groups dedicated to anti-vaccination movements and conspiracy theories such as QAnon, racking up tens of millions of views. Multiple versions of the video were uploaded to YouTube, and links were shared through Twitter. Facebook, YouTube and Twitter worked feverishly to remove it, but by the time they had, the video had already become the latest example of misinformation about the virus that has spread widely. That was because the video had been designed specifically to appeal to internet conspiracists and conservatives eager to see the economy reopen, with a setting and characters to lend authenticity. It showed that even as social media companies have sped up response time to remove dangerous virus misinformation within hours of its posting, people have continued to find new ways around the platforms' safeguards. [...] At least one version of the video, viewed by The Times on Facebook, was watched over 16 million times.

Privacy

Rite Aid Deployed Facial Recognition Systems In Hundreds of US Stores (reuters.com) 36

Rite Aid installed facial recognition technology across 200 stores in the U.S. "In the hearts of New York and metro Los Angeles, Rite Aid deployed the technology in largely lower-income, non-white neighborhoods," reports Reuters. "Among the technology the U.S. retailer used: a state-of-the-art system from a company with links to China and its authoritarian government." From the report: Over about eight years, the American drugstore chain Rite Aid Corp quietly added facial recognition systems to 200 stores across the United States, in one of the largest rollouts of such technology among retailers in the country, a Reuters investigation found. In the hearts of New York and metro Los Angeles, Rite Aid deployed the technology in largely lower-income, non-white neighborhoods, according to a Reuters analysis. And for more than a year, the retailer used state-of-the-art facial recognition technology from a company with links to China and its authoritarian government.

In telephone and email exchanges with Reuters since February, Rite Aid confirmed the existence and breadth of its facial recognition program. The retailer defended the technology's use, saying it had nothing to do with race and was intended to deter theft and protect staff and customers from violence. Reuters found no evidence that Rite Aid's data was sent to China. Last week, however, after Reuters sent its findings to the retailer, Rite Aid said it had quit using its facial recognition software. It later said all the cameras had been turned off. "This decision was in part based on a larger industry conversation," the company told Reuters in a statement, adding that "other large technology companies seem to be scaling back or rethinking their efforts around facial recognition given increasing uncertainty around the technology's utility."

Reuters pieced together how the company's initiative evolved, how the software has been used and how a recent vendor was linked to China, drawing on thousands of pages of internal documents from Rite Aid and its suppliers, as well as direct observations during store visits by Reuters journalists and interviews with more than 40 people familiar with the systems' deployment. Most current and former employees spoke on condition of anonymity, saying they feared jeopardizing their careers.

Google

Google's Top Search Result? It's Google (themarkup.org) 55

In Google's early years, users would type in a query and get back a page of 10 "blue links" that led to different websites. "We want to get you out of Google and to the right place as fast as possible," co-founder Larry Page said in 2004. Today, Google often considers that "right place" to be Google, an investigation by The Markup has found. From the report: We examined more than 15,000 recent popular queries and found that Google devoted 41 percent of the first page of search results on mobile devices to its own properties and what it calls "direct answers," which are populated with information copied from other sources, sometimes without their knowledge or consent. When we examined the top 15 percent of the page, the equivalent of the first screen on an iPhone X, that figure jumped to 63 percent. For one in five searches in our sample, links to external websites did not appear on the first screen at all. A trending search in our data for "myocardial infarction" shows how Google has piled up its products at the top. It returned:
Google's dictionary definition.
A "people also ask" box that expanded to answer related questions without leaving the search results page.
A "knowledge panel," which is an abridged encyclopedia entry with various links.
And a "related conditions" carousel leading to various new Google searches for other diseases.
All of these appeared before search results by WebMD, Harvard University, and Medscape. In fact, a user would have to scroll nearly halfway down the page -- about 42 percent -- before reaching the first "organic" result in that search.

Facebook

Facebook Criticized For Temporarily Blocking Entire Domain 'Dreamwidth.org' (dreamwidth.org) 41

Dreamwidth is an online journal service based on the LiveJournal codebase, according to Wikipedia — "a code fork of the original service, set up by ex-LiveJournal staff Denise Paolucci and Mark Smith, born out of a desire for a new community based on open access, transparency, freedom and respect."

"I discovered, about an hour ago, that all of my posts on Facebook which were links to Dreamwidth had vanished. Suddenly gone as if they'd never existed," complained Dreamwidth user Andrew Ducker on Sunday morning.

Though that afternoon he posted "All working fine now," thousands had already seen his original post (quoted below): I checked with Denise (one of the owners of Dreamwidth) to find out if she knew about it, and discovered that Facebook have stuck Dreamwidth on a block list...

This is unbelievably frustrating. And the kind of centralised, autocratic, opaque decision making which I loathe. Tens of thousands of active users, unable to share blog posts with Facebook (which, let's face it, is where most of my friends go for their socialising)...

"This may be an overzealous spam filter at work," Slashdot reader JoshuaZ had argued. But even before Facebook adjusted their filtering, Dreamwidth co-owner Mark Smith was calling it "definitely a bit of a /shrug moment... 'Facebook gonna Facebook' I think is approximately how we feel about this...

"We do not have any goals around growth, we don't advertise, and we ultimately don't care that much what the other platforms do. Our goal is to give people a stable home where they don't have to worry about their data being sold, their writing being monetized..."

Crime

'World's Most Wanted Man' Involved In Bizarre Attempt To Buy Hacking Tools (vice.com) 27

An anonymous reader quotes a report from Motherboard: The fugitive executive of the embattled payment startup Wirecard was mentioned in a brazen and bizarre attempt to purchase hacking tools and surveillance technology from an Italian company in 2013, an investigation by Motherboard and the German weekly Der Spiegel found. Jan Marsalek, a 40-year-old Austrian who until recently was the chief operating officer of the rising fintech company Wirecard, seems to have taken a meeting with the infamous Italian surveillance technology provider Hacking Team in 2013. At the time, Marsalek is described as an official representative of the government of Grenada, a small Caribbean island of around 100,000 people, in a letter that bears the letterhead of the Grenada government. The documents were included in a cache published after Hacking Team was hacked in 2015. In recent days, Marsalek has been described as the 'world's most wanted man.'

It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have been in contact with Hacking Team, several websites with official-sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek's phone number and his Munich address at the time, and the servers were apparently operated from Germany. Wirecard provided digital payment services and was considered one of the most important companies in the financial tech industry. Wirecard offered a mobile payment app called Boon, which was essentially a virtual MasterCard card; it also offered a prepaid debit card called mycard2go, and worked with companies such as KLM, Rakuten, and Qatar Airways to manage their online transactions. The company suddenly collapsed in June after German regulators raided its headquarters as part of an investigation into fraudulent stock price manipulation and 1.9 billion euros that are missing from the company's books. Marsalek is now a fugitive and a key suspect in the German investigation. He reportedly fled to Belarus, and is now hiding in Russia under the protection of the FSB, according to German news reports. In the past, he was involved in other strange dealings: he bragged about an attempt to recruit 15,000 Libyan militiamen, and about a trip to Syria along with Russian military, according to the Financial Times.

The Military

Twitch Tells US Army To Stop Sharing Fake Prize Giveaways That Sent Users To Recruitment Page (theverge.com) 35

Twitch has intervened to stop the US Army using fake prize giveaways on its esports channel to redirect viewers to army recruitment pages. From a report: The practice was brought to light by a report from The Nation on the use of esports as a recruitment tool by the American military. The US Army, Navy, and Air Force all field esports teams comprised of active and reserve personnel who stream on Twitch and chat with young viewers about life, video games, and the opportunities afforded by military service. "Esports is just an avenue to start a conversation," Major-General Frank Muth, head of the army's recruiting command, told ThinkTech Hawaii recently. "We go out there and we have a shared passion for esports ... and it naturally devolves into a conversation, 'What do you do?', 'I'm in the army.'"

This outreach included automated links dropped into the army's stream chat that told viewers they could win an Xbox Elite Series 2 controller in a "giveaway." But when anyone clicked the link, says The Nation, they were directed to "a recruiting form with no additional mention of a contest, odds, total number of winners, or when a drawing will occur." Viewers, streamers, and game developers reacted with anger to the news, saying that any other channel would face repercussions for such behavior. Twitch itself has now apparently forced the army to stop these giveaways, according to a report from Kotaku.

Security

Who's Behind Wednesday's Epic Twitter Hack? (krebsonsecurity.com) 75

Brian Krebs has written a blog post with clues about who may have been behind yesterday's Twitter hack, which had some of the world's most recognizable public figures tweeting out links to bitcoin scams. An anonymous reader shares an excerpt from the report (though we strongly recommend you read the full analysis here): There are strong indications that this attack was perpetrated by individuals who've traditionally specialized in hijacking social media accounts via "SIM swapping," an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target's account. In the days leading up to Wednesday's attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers -- a forum dedicated to account hijacking -- a user named "Chaewon" advertised they could change the email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece. "This is NOT a method, you will be given a full refund if for any reason you aren't given the email/@, however if it is revered/suspended I will not be held accountable," Chaewon wrote in their sales thread, which was titled "Pulling email for any Twitter/Taking Requests."

Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including "@6." That Twitter account was formerly owned by Adrian Lamo -- the now-deceased "homeless hacker" perhaps best known for breaking into the New York Times's network and for reporting Chelsea Manning's theft of classified documents. @6 is now controlled by Lamo's longtime friend, a security researcher and phone phreaker who asked to be identified in this story only by his Twitter nickname, "Lucky225."[...] But around the same time @6 was hijacked, another OG account -- @B -- was swiped. Someone then began tweeting out pictures of Twitter's internal tools panel showing the @B account. Another Twitter account -- @shinji -- also was tweeting out screenshots of Twitter's internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying "follow @6," referring to the account hijacked from Lucky225.

Cached copies of @Shinji's tweets prior to Wednesday's attack on Twitter are available here and here from the Internet Archive. Those caches show Shinji claims ownership of two OG accounts on Instagram -- "j0e" and "dead." KrebsOnSecurity heard from a source who works in security at one of the largest U.S.-based mobile carriers, who said the "j0e" and "dead" Instagram accounts are tied to a notorious SIM swapper who goes by the nickname "PlugWalkJoe." Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists. Now look at the profile image in the other Archive.org index of the @shinji Twitter account (pictured below). It is the same image as the one included in the @Shinji screenshot above from Wednesday in which Joseph/@Shinji was tweeting out pictures of Twitter's internal tools.

This individual, the source said, was a key participant in a group of SIM swappers that adopted the nickname "ChucklingSquad," and was thought to be behind the hijacking of Twitter CEO Jack Dorsey's Twitter account last year. The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, U.K. named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic. [...] If PlugWalkJoe was in fact pivotal to this Twitter compromise, it's perhaps fitting that he was identified in part via social engineering.

Windows

Microsoft Announces New Windows 10 Start Menu Design, Updated Alt-Tab (theverge.com) 140

Microsoft is testing a number of Windows 10 upgrades with a small number of testers, including changes to the Alt-Tab function and a new Start menu design. The Verge reports: "We are freshening up the Start menu with a more streamlined design that removes the solid color backplates behind the logos in the apps list and applies a uniform, partially transparent background to the tiles," explains Microsoft in a blog post. Essentially, the reduction in the color of the blocky tiled interface on the Start menu will simplify it slightly and make it easier to scan for the apps you use on a daily basis. It's a subtle change, but it certainly makes the Start menu look a little less chaotic and avoids many tiles sharing a similar blue color.

Alongside an updated Start menu, the latest Windows 10 build includes some big changes to Alt-Tab. "Beginning with today's build, all tabs open in Microsoft Edge will start appearing in Alt-Tab, not just the active one in each browser window," explains Microsoft. This seems like a change that might be a little confusing for veteran Windows users, but Microsoft is thankfully allowing you to switch back to the classic Alt-Tab experience.

Microsoft is also making some smaller changes with this new Windows 10 build. The default taskbar appearance will also now be more personalized with the Xbox app pinned for Xbox Live users or Your Phone pinned for Android users. This will be limited to new account creation on a PC or first login, so existing taskbar layouts will remain unchanged. Notifications now include an X in the top right corner to allow you to quickly dismiss them, and Microsoft is also improving its Settings app in Windows 10. Links that would typically push you toward the system part of the legacy Control Panel system page will now direct you to the About page in Settings. This will now house the more advanced controls typically found in that system section of the Control Panel, and Microsoft is promising "there will be more improvements coming that will further bring Settings closer to Control Panel."

United States

New York Times Investigates How in America 'the Virus Won' (nytimes.com) 388

"Invisible outbreaks sprang up everywhere. The United States ignored the warning signs," writes the New York Times, in a detailed interactive data visualization.

"We analyzed travel patterns, hidden infections and genetic data to show how the epidemic spun out of control." By mid-February, there were only 15 known coronavirus cases in the United States, all with direct links to China... The patients were isolated. Their contacts were monitored. Travel from China was restricted.

None of that worked. Only a small part of the picture was visible. Some 2,000 hidden infections were already spreading through major cities...

Genetic samples linked to the Seattle outbreak appeared in at least 14 states, said Trevor Bedford, a professor at Fred Hutchinson Cancer Research Center... In New York City, where officials had found only a single case by March 1, roughly 10,000 infections had spread undetected... More than 5,000 contagious travelers left New York City in the first two weeks of March, estimates suggest... People [from New York City] also made more than 25,000 trips to New Orleans, where genetic data suggests that a large early outbreak stemmed from infections from New York...

Travel from the city helped to spread that variant across the country. "New York has acted as a Grand Central Station for this virus," said David Engelthaler of the Translational Genomics Research Institute. By the time President Trump blocked travel from Europe on March 13, the restrictions were essentially pointless. The outbreak had already been spreading widely in most states for weeks... The New Orleans outbreak helped seed infection across Louisiana and the South...

Even now, America remains in the dark. Most infected people are never tested. There is little capacity to trace and isolate the contacts to those who do test positive.

After the lockdowns expired, new cases spiked once again.

Privacy

Journalist's Phone Hacked: All He Had To Do Was Visit a Website. Any Website. (thestar.com) 123

The iPhone that Moroccan journalist Omar Radi used to contact his sources also allowed his government to spy on him (and at least two other journalists), reports the Toronto Star, citing new research from Amnesty International.

A Slashdot reader shares their report: Their government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment.

Yet Radi was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked. Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website.

Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser.

Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.
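As an added illustration, not part of the Star article or Amnesty's report: a small Python heuristic over a constructed HTTP log that flags the redirect bounce described above, where the request for the intended site is answered with a redirect to an unrelated host, which shortly afterwards sends the browser back to the original site. The log format and the hostnames are assumptions for the example.

```python
# Added example: detect "bounce" redirects (intended host -> other host -> intended host)
# in a constructed, space-separated log of "timestamp url status location".
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log; "-" means no Location header. Hostnames are invented.
SAMPLE_LOG = """\
2020-06-22T10:00:00.000 http://news.example/ 302 http://inject.invalid/p
2020-06-22T10:00:00.120 http://inject.invalid/p 200 -
2020-06-22T10:00:00.900 http://inject.invalid/done 302 http://news.example/
2020-06-22T10:00:01.000 http://news.example/ 200 -
2020-06-22T10:05:00.000 http://example.org/ 301 https://example.org/
2020-06-22T10:06:00.000 http://short.example/abc 302 https://dest.example/page
2020-06-22T10:06:00.300 https://dest.example/page 200 -
"""

def parse_log(text):
    """Turn each log line into a dict with the fields the heuristic needs."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, url, status, location = line.split()
        entries.append({
            "ts": datetime.fromisoformat(ts),
            "host": urlsplit(url).hostname,
            "status": int(status),
            "location_host": urlsplit(location).hostname if location != "-" else None,
        })
    return entries

def find_bounces(entries, window_seconds=5.0):
    """Return (original_host, intermediary_host) pairs where a cross-host redirect
    away from original_host is followed, within window_seconds, by a redirect from
    that intermediary back to original_host. Same-host redirects (e.g. HTTP->HTTPS)
    and one-way cross-host redirects are ignored."""
    pending = []   # (intermediary_host, original_host, when) for redirects seen so far
    bounces = []
    for e in entries:
        if not (300 <= e["status"] < 400) or e["location_host"] is None:
            continue
        for inter, orig, when in pending:
            if (e["host"] == inter and e["location_host"] == orig
                    and (e["ts"] - when).total_seconds() <= window_seconds):
                bounces.append((orig, inter))
        if e["location_host"] != e["host"]:
            pending.append((e["location_host"], e["host"], e["ts"]))
    return bounces
```

Such a log only exists where the device's traffic is already being recorded; the point of the example is the pattern an analyst would look for, since the redirect happens only because the original request was a plain HTTP one that could be answered on the path.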

IOS

iOS 14 Will Let You Change Your Default Email and Web Browser Apps (9to5mac.com) 19

One of the new features available in iOS 14 is the ability to switch default app preferences for the first time. 9to5Mac reports: Details are scarce currently, but one of the slides in the WWDC presentation featured a block that announced users will be able to change their default browser and default email app. This is a long-requested feature, as iOS 13 and prior versions of the operating system will always direct taps on links to Safari, and new emails start in Apple Mail. Default apps will be available with iOS 14 for iPhone and iPadOS 14 for iPad users. Other iOS 14 features include home screen widgets, a new Translate app, contextual Siri and much more.

Desktops (Apple)

Apple Announces macOS Big Sur With a Brand-New Design (theverge.com) 92

Apple has unveiled the next version of macOS: Big Sur. From a report: The new operating system brings the biggest redesign since the introduction of macOS 10, according to Apple. Big Sur borrows a number of elements from Apple's iOS, including a customizable Control Center, where you can change brightness and toggle Do Not Disturb, and a new notification center, which groups related notifications together. Both interfaces are translucent, like their iOS counterparts. A number of apps have received streamlined new redesigns, including Mail, Photos, Notes, and iWork. Apple has introduced a new search feature to Messages (which organizes results into links, photos, and matching terms), as well as inline replies for group chats, a new photo-selection interface, and Memoji stickers. There's a new version of Maps for Mac that borrows features from the iOS app, including custom Guides, 360-degree location views, cycling and electric vehicle directions (which you can send directly to an iPhone), and indoor maps. Apple introduced a number of new Catalyst apps as well. Dock buttons have also been redesigned to look more similar to their iOS counterparts, in an effort to "be more consistent with icons across Apple's ecosystem while retaining their Mac personality," according to the company.

Apple also announced the biggest update to Safari since the browser was first introduced. The company claims its browser is 50 percent faster than Chrome and can show more tabs on-screen. Hovering over a tab now gives users a preview of its page, and right-clicking on the tab will give you the option to close all the tabs to its right. The new Safari also has a customizable start page and a built-in automatic translation feature that can interpret entire webpages in seven languages, Apple says. Safari is also getting support for extensions made for other browsers, and a dedicated extension store. (Unlike many other browsers, Safari will allow you to customize which sites your extensions run on). And there are new privacy features, including a Privacy Report that details actions the browser has taken to prevent tracking on the websites you visit.

Security

To Evade Detection, Hackers Are Requiring Targets To Complete CAPTCHAs (arstechnica.com) 28

CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. From a report: Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys. The Excel file contains macros that, when enabled, install GraceWire, a trojan that steals sensitive information such as passwords. The attacks are the work of a group Microsoft calls Chimborazo, which company researchers have been tracking since at least January. Previously, Microsoft observed Chimborazo distributing the Excel file in attachments included in phishing messages and later spreading through embedded Web links. In recent weeks, the group has begun sending phishing emails that change things up again. In some cases, the phishes include links that lead to redirector sites (usually legitimate sites that have been compromised). In other cases, the emails have an HTML attachment that contains a malicious iframe tag.

Either way, clicking on the link or attachment leads to a site where targets download the malicious file, but only after completing the CAPTCHA (which is short for completely automated public Turing test to tell computers and humans apart). The purpose: to thwart automated analysis defenders use to detect and block attacks and get attack campaigns shut down. Typically the analysis is performed by what are essentially bots that download malware samples and run and analyze them in virtual machines. Requiring the successful completion of a CAPTCHA means analysis will only happen when a live human being downloads the sample. Without the automation, the chances of the malicious file flying under the radar are much better. Microsoft has dubbed Chimborazo's ongoing attack campaign Dudear.
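As an added example, not taken from Microsoft's or Ars Technica's material: a Python triage heuristic for a fetched landing page or HTML attachment that reports when the payload sits behind a CAPTCHA widget (so an automated sandbox cannot reach it and the sample needs a human-in-the-loop detonation), or when an HTML attachment merely frames remote content. The markers, extensions and sample HTML are assumptions constructed for the example.

```python
# Added example: classify a fetched page by the gating pattern described in the article.
from html.parser import HTMLParser

CAPTCHA_MARKERS = ("recaptcha", "hcaptcha", "captcha")          # assumed widget hints
OFFICE_EXTS = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm")

class LandingPageScanner(HTMLParser):
    """Collect the three features the heuristic looks at from one HTML document."""
    def __init__(self):
        super().__init__()
        self.captcha_widget = False
        self.office_links = []
        self.external_iframes = []

    def handle_starttag(self, tag, attrs):
        joined = " ".join(v.lower() for _, v in attrs if v)
        if any(m in joined for m in CAPTCHA_MARKERS):
            self.captcha_widget = True
            return          # the CAPTCHA provider's own script/iframe is not the payload
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().endswith(OFFICE_EXTS):
            self.office_links.append(href)
        src = dict(attrs).get("src") or ""
        if tag == "iframe" and src.startswith(("http://", "https://")):
            self.external_iframes.append(src)

def triage(html):
    """Return a verdict plus the evidence behind it."""
    s = LandingPageScanner()
    s.feed(html)
    if s.captcha_widget:
        verdict = "captcha_gate"            # automation stalls here; route to an analyst
    elif s.external_iframes:
        verdict = "external_iframe"         # HTML attachment pulling a remote landing page
    elif s.office_links:
        verdict = "direct_office_download"  # sandbox can fetch and detonate unattended
    else:
        verdict = "unremarkable"
    return {"verdict": verdict, "office_links": s.office_links, "iframes": s.external_iframes}

# Constructed inputs (invented hosts, placeholder site key).
GATED_PAGE = """<html><body>
<script src="https://www.google.com/recaptcha/api.js"></script>
<form action="/download" method="post">
  <div class="g-recaptcha" data-sitekey="SITEKEY-PLACEHOLDER"></div>
  <button type="submit">Verify and download</button>
</form></body></html>"""
IFRAME_ATTACHMENT = '<html><body><iframe src="http://redirector.invalid/landing" width="0" height="0"></iframe></body></html>'
PLAIN_PAGE = '<html><body><a href="/report.xlsm">Quarterly report</a></body></html>'
```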
