safari hacker news

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.

"An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study.

In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers.

iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates all browser vendors to use Safari's WebKit engine.

Apple was notified of the findings on September 12, 2022. The shortcoming impacts all Apple devices released from 2020 that are powered by Apple's A-series and M-series ARM processors.

The crux of the problem is rooted in the fact that malicious JavaScript and WebAssembly embedded in a web page in one browser tab can surreptitiously read the content of a target website when a victim visits the attacker-controlled web page.

This is accomplished by means of a side-channel exploit that can be weaponized by a malicious actor to infer sensitive information through other variables like timing, power consumption, or electromagnetic emanations.

The side-channel that acts as the foundation of the latest attack is a performance optimization mechanism in modern CPUs called speculative execution , which has been the target of several such similar methods since Spectre came to light in 2018.

Speculative execution is designed as a way to yield a performance advantage by using spare processing cycles to execute program instructions in an out-of-order fashion when encountering a conditional branch instruction whose direction depends on preceding instructions whose execution is not completed yet.

The cornerstone of this technique is to make a prediction as to the path that the program will follow, and speculatively execute instructions along the path. When the prediction turns out to be correct, the task is completed quicker than it would have taken otherwise.

But when a misprediction occurs, the results of the speculative execution are abandoned and the processor resumes along the correct path. That said, these erroneous predictions leave behind certain traces in the cache.

Attacks like Spectre involve inducing a CPU to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via the microarchitectural side-channel.

In other words, by coercing CPUs into mispredicting sensitive instructions, the idea is to enable an attacker (through a rogue program) to access data associated with a different program (i.e., victim), effectively breaking down isolation protections.

iLeakage not only bypasses hardening measures incorporated by Apple, but also implements a timer-less and architecture-agnostic method that leverages race conditions to distinguish individual cache hits from cache misses when two processes -- each associated with the attacker and the target -- run on the same CPU.

This gadget then forms the basis of a covert channel that ultimately achieves an out-of-bounds read anywhere in the address space of Safari's rendering process, resulting in information leakage.

While chances of this vulnerability being used in practical real-world attacks are unlikely owing to the technical expertise required to pull them off, the research underscores the continued threats posed by hardware vulnerabilities even after all these years.

News of iLeakage comes months after cybersecurity researchers revealed details of a trifecta of side-channel attacks – Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569) – that could be exploited to leak sensitive data from modern CPUs.

It also follows the discovery of RowPress , a variant of the RowHammer attack on DRAM chips and an improvement over BlackSmith that can be used to cause bitflips in adjacent rows, leading to data corruption or theft.

Cybersecurity Webinars

Learn advanced ddos prevention tactics.

Explore the latest in DDoS attack tactics and how to shield your business from advanced DDoS threats at our live webinar.

AI-Powered Threat Hunting with CensysGPT

Introducing CensysGPT, the AI-driven tool that's changing the game in threat hunting. Don't miss our webinar to see it in action.

One and Done Security

Why You Should Consider Leveraging Your Python Skills to Code Securely on Blockchain

Securing SaaS Apps in the Era of Generative AI

DORA – Guiding the Resilience of Digital Financial Services

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

To revisit this article, visit My Profile, then View saved stories .

• Backchannel
• Newsletters
• WIRED Insider
• WIRED Consulting

Lily Hay Newman

Safari Flaws Exposed Webcams, Online Accounts, and More

Usually the worst thing that happens when you have dozens of browser tabs open is you can't find the one that suddenly starts blasting random ads. But a group of macOS vulnerabilities—fixed by Apple at the end of last year—could have exposed your Safari tabs and other browser settings to attack, opening the door for hackers to grab control of your online accounts, turn on your microphone, or take over your webcam.

MacOS has built-in protections to prevent this sort of attack, including Gatekeeper, which confirms the validity of the software your Mac runs. But this hack got around those safeguards by abusing iCloud and Safari features that macOS already trusts. While poking for potential weaknesses in Safari, independent security researcher Ryan Pickren started looking at iCloud's document-sharing mechanism because of the trust inherent between iCloud and macOS. When you share an iCloud document with another user, Apple uses a behind-the-scenes app called ShareBear to coordinate the transfer. Pickren found that he could manipulate ShareBear to offer victims a malicious file. 

In fact, the file itself doesn't even have to be malicious at first, making it easier to offer victims something compelling and trick them into clicking. Pickren found that because of the trusted relationship between Safari, iCloud, and ShareBear, an attacker could actually revisit what they shared with a victim later and silently swap the file for a malicious one. All of this can happen without the victim receiving a new prompt from iCloud or realizing that anything has changed. 

Once the hacker has staged the attack, they can essentially take over Safari, see what the victim sees, access the accounts the victim is logged into, and abuse permissions the victim has granted websites to access their camera and microphone. An attacker could also access other files stored locally on the victim's Mac.

“The attacker is basically punching a hole in the browser,” says Ryan Pickren, the security researcher who disclosed the vulnerabilities to Apple. “So if you’re signed in to Twitter.com on one tab, I could jump into that and do everything you can from Twitter.com. But that’s nothing to do with Twitter’s servers or security; I as the attacker am just assuming the role that you already have in your browser.”

In October, Apple patched the vulnerability in Safari's WebKit engine and made revisions in iCloud. And in December it patched a related vulnerability in its Script Editor code automation and editing tool.

“This is an impressive exploit chain,” says Patrick Wardle, a longtime researcher and founder of the macOS security nonprofit Objective-See. “It's clever that it exploits design flaws and creatively uses built-in macOS capabilities to circumvent defense mechanisms and compromise the system.”

Pickren previously discovered a series of Safari bugs that could have enabled webcam takeovers . He disclosed the new findings through Apple's bug bounty program in mid-July, and the company awarded him $100,500. The amount is not unprecedented for Apple's disclosure program, but its size reflects the severity of the flaws. In 2020, for example, the company paid out $100,000 for a crucial flaw in its Sign In With Apple single sign-on system.

Lauren Goode

Angela Watercutter

Madeline Ashby

Safari and Webkit, though, have a particular set of security challenges because they are such massive platforms. And Apple has had a difficult time getting a handle on the problem, even when vulnerabilities are public for weeks or months. 

“As systems become more complex, they introduce more bugs, and that’s especially true for web browsers these days,” Pickren says. “Safari can do so many things, it’s really no surprise that there are going to be more bugs as more features come out.”

Such bugs may be common, but that doesn't make them any less serious. Attackers regularly take advantage of browser vulnerabilities for both criminal and nation-state hacking. For example, they are commonly exploited in watering hole attacks that target visitors of tainted websites. And hackers actively use unpatched “zero-day” browser vulnerabilities they've discovered or purchased, along with older bugs that they can exploit opportunistically when targets haven't updated their browsers. 

“A bug like this really stresses how crucial it is to keep your browser up to date,” Pickren says. “It's an easy thing to push off, but it's ultra-important.”

It's solid advice, regardless of your browser of choice.

• 📩 The latest on tech, science, and more: Get our newsletters !
• The quest to trap CO 2 in stone—and beat climate change
• The trouble with Encanto ? It twerks too hard
• Here's how Apple's iCloud Private Relay works
• This app gives you a tasty way to fight food waste
• Simulation tech can help predict the biggest threats
• 👁️ Explore AI like never before with our new database
• ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers

David Nield

Andy Greenberg

Scott Gilbertson

Eric Geller

Matt Burgess

• Mobile Site
• Staff Directory
• Advertise with Ars

Filter by topic

• Biz & IT
• Gaming & Culture

Front page layout

GOT PRIVACY? —

Safari and ios users: your browsing activity is being leaked in real time, unfixed bug violating the internet's most foundational rules is easy to exploit..

Dan Goodin - Jan 18, 2022 6:14 pm UTC

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

“The fact that database names leak across different origins is an obvious privacy violation,” wrote Martin Bajanik, a software engineer at FingerprintJS, a startup that makes a device identification interface for anti-fraud purposes. He continued:

It lets arbitrary websites learn what websites the user visits in different tabs or windows. This is possible because database names are typically unique and website-specific. Moreover, we observed that in some cases, websites use unique user-specific identifiers in database names. This means that authenticated users can be uniquely and precisely identified.

Attacks work on Macs running Safari 15 and on any browser running on iOS or iPadOS 15. As the demo shows, safarileaks.com is able to detect the presence of more than 20 websites—Google Calendar, YouTube, Twitter, and Bloomberg among them—open in other tabs or windows. With more work, a real-world attacker could likely find hundreds or thousands of sites or webpages that can be detected.

When users are logged in to one of these sites, the vulnerability can be abused to reveal the visit and, in many cases, identifying information in real time. When logged in to a Google account open elsewhere, for instance, the demo site can obtain the internal identifier Google uses to identify each account. Those identifiers can usually be used to recognize the account holder.

Raising awareness

The leak is the result of the way the Webkit browser engine implements IndexedDB, a programming interface supported by all major browsers. It holds large amounts of data and works by creating databases when a new site is visited. Tabs or windows that run in the background can continually query the IndexedDB API for available databases. This allows one site to learn in real time what other websites a user is visiting.

Websites can also open any website in an iframe or pop-up window in order to trigger an IndexedDB-based leak for that specific site. By embedding the iframe or popup into its HTML code, a site can open another site in order to cause an IndexedDB-based leak for the site.

“Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session,” Bajanik wrote. “Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window.”

Bajanik said he notified Apple of the vulnerability in late November, and as of publication time, it still had not been fixed in either Safari or the company's mobile OSes. Apple representatives didn’t respond to an email asking if or when it would release a patch. As of Monday, Apple engineers had merged potential fixes and marked Bajanik's report as resolved. End users, however, won't be protected until the Webkit fix is incorporated into Safari 15 and iOS and iPadOS 15.

For now, people should be wary when using Safari for desktop or any browser running on iOS or iPadOS. This isn’t especially helpful for iPhone or iPad users, and in many cases, there’s little or no consequence of browsing activities being leaked. In other situations, however, the specific sites visited and the order in which they were accessed can say a lot.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” Bajanik wrote. “In the meantime, we hope this article will raise awareness of this issue.”

Promoted Comments

Reader comments, channel ars technica.

Apple security flaw allows hackers to fully control iPhones, iPads and Macs

Intruders can impersonate device's owner and run any software in their name.

Social Sharing

Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.

Apple released two security reports about the issue on Wednesday, although they didn't receive wide attention outside of tech publications.

Apple's explanation of the vulnerability means a hacker could get "full admin access" to the device. That would allow intruders to impersonate the device's owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.

According to the security reports, the vulnerabilities impacted Apple's WebKit, which is the engine that powers the Safari web browser and other browsers on iOS; and the kernel, Apple's core computer operating system.

Security experts have advised users to update affected devices — the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.

Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.

Apple, Google, Microsoft want to ditch passwords to improve security

Commercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and surveils the targets in real time. 

In July 2021, Apple released a similar security point that said that a flaw in its security design was being "actively exploited." Again, an anonymous researcher was credited for the discovery.

NSO Group has been blacklisted by the U.S. Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.

Apple urging users to update devices due to security flaw

"Yes, hackers, threat actors can take control of devices," said Daniel Tobok, the CEO of Toronto-based cybersecurity firm Cypfer, in an interview with CBC News. 

The devices most vulnerable to targeted attacks are the ones that aren't up-to-date on security patches, which is about 18 per cent of devices globally, according to Tobok.

Apple reveals security flaws more or less on an annual basis, particularly after the flaws have been detected by what Tobok calls "threat actors," or hackers.

• U.S. communications regulator wants TikTok removed from app stores over spying concerns
• Americans are being urged to delete period tracking apps. Should Canadians do the same?
• Apple issues security patch after Toronto-based Citizen Lab flags vulnerability

Typically, hackers will gain access to a device and then change its passwords so that the user is locked out of their own phone or laptop. But it's extremely difficult for users to detect when their device has been compromised, he said.

"When you have a super power, privileged user on the phone, they could potentially do things without you even noticing," Tobok said. "This is really one of the dangers of having a device that is compromised because, unlike Hollywood, you don't see icons flashing and you don't see your red lights bleeping." 

"You're really not aware because what the threat actors are doing is moving very quietly, just exfiltrating your data or leveraging your phone as a hub for committing another potential crime."

People coming to grips with device vulnerability, says cybersecurity analyst

With files from CBC's Nisha Patel

Related Stories

• Spyware used on separatists in Spain 'extensive,' Canadian cybersecurity group's investigation reveals

Apple releases Safari 15.6.1 to fix zero-day bug used in attacks

Lawrence abrams.

• August 18, 2022

Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.

The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device.

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," warns Apple in a  security bulletin  released today.

An out-of-bounds write vulnerability is when an attacker can supply input to a program that causes it to write data past the end or before the beginning of a memory buffer.

This causes the program to crash, corrupt data, or in the worst-case scenario, remote code execution. Apple says they fixed the bug through improved bounds checking.

Apple says the vulnerability was disclosed by a researcher who wishes to remain anonymous.

This zero-day vulnerability is the  same one that was patched by Apple yesterday  for macOS Monterey and iPhone/iPads.

Apple has not provided details on how the vulnerability is being used in attacks other than saying that it "may have been actively exploited."

This is the seventh zero-day vulnerability fixed by Apple in 2022, with the previous bugs outlined below:

• In March, Apple  patched two more zero-day bugs  that were used in the Intel Graphics Driver (CVE-2022-22674) and AppleAVD (CVE-2022-22675).
• In January,  Apple patched two more actively exploited zero-days  that allowed attackers to execute code with kernel privileges (CVE-2022-22587) and track web browsing activity (CVE-2022-22594).
• In February, Apple released security updates  to fix a new zero-day bug  exploited to hack iPhones, iPads, and Macs.

Related Articles:

WP Automatic WordPress plugin hit by millions of SQL injection attacks

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

Hackers exploit Aiohttp bug to find vulnerable networks

Brave: Sharp increase in installs after iOS DMA update in EU

• Actively Exploited
• Vulnerability
• Web Browser
• Previous Article
• Next Article

Post a Comment Community Rules

You need to login in order to post a comment.

Not a member yet? Register Now

You may also like:

Finland warns of Android malware attacks breaching bank accounts

Iranian hackers pose as journalists to push backdoor malware

Help us understand the problem. What is going on with this comment?

• Abusive or Harmful
• Inappropriate content
• Strong language

Read our posting guidelinese to learn what content is prohibited.

Apple pays major bug bounty to fix Safari flaw that hacked your webcam

One day you're downloading a cute .PNG file, the next, your camera is turning on by itself

A cybersecurity researcher has uncovered a dangerous flaw in Apple ’s macOS, which enabled attackers to access the victims’ logged-in online accounts and even get into their webcams .

The flaw, which Ryan Pickren reported to the Cupertino giants last summer, was patched earlier this month, while Pickren got to go home with a $100,000 bounty. 

The bug, a universal cross-site scripting (UXSS) flaw, resided in the OS’ browser , Safari . 

Full access

Explaining the end result to The Register , Picker said it grants the attacker "full access to every website you've visited in Safari, meaning that if you're visiting my evil website on one tab, and then your other tab, you have Twitter open, I can jump into that tab and do everything you can from that screen. So it does allow me to fully perform an account takeover on every website you visited in Safari."

Here’s how it works (as short of an explanation as it can be): Safari has a number of custom URI schemes, such as mailto:, s3:, and so on. One of them is called icloud -sharing:, and triggering it opens up ShareBear, an internal macOS app designed for document sharing via iCloud. A website, for example, can trigger it, and have Safari load content hosted elsewhere.

Running malicious webarchives

This wouldn’t be a problem, were it not for a simple fact that the downloaded files could later be altered by the author. So, a victim could download an innocent .PNG file, only to have it transform into a malicious webarchive file.

“In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and the permission to remotely launch it at any moment. Yikes. Agreed to view my PNG file yesterday? Well today it's an executable binary that will be automatically launched whenever I want,” Picker explained in a further blog post .

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

> Apple patches Safari bug that leaked user data > Safari 15 may have a serious security flaw, and there's no patch in sight > The rise of data privacy concerns  

To open the webarchive file, Pickren further explains, he needed to bypass the Gatekeeper restriction, which turned out to be relatively simple. He did it via a custom webpage, which can launch a JavaScript in an arbitrary origin (think facebook.com). That allowed him, among other things, to turn on the camera. 

To fix the problem, Apple did two things: First - it made ShareBear just reveal downloaded files, rather than launch them, in macOS Monterey 12.0.1. Second - it patched Safari’s engine WebKit to stop downloaded webarchives from being opened. 

• You might also want to check out our list of the best firewalls right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

4 reasons why most free VPNs are scams

Microsoft adds more security chiefs following recent cyberattacks

Quordle today – hints and answers for Monday, May 6 (game #833)

Most Popular

• 2 Hackers of all kinds are attacking routers across the world
• 3 It's officially time to abandon the Oculus Quest 2, as new VR games and apps are dodging the aging headset
• 4 The Arc browser just launched and yes, it really is that good
• 5 A researcher compared Android and iOS for app security, and there’s a clear loser
• 2 A researcher compared Android and iOS for app security, and there’s a clear loser
• 3 I love my iPad – but these 5 upgrades would make me drop it for the new one
• 4 A key Apple Watch health feature just got a landmark stamp of approval
• 5 Samsung's archrival strikes crucial partnership with Nvidia's closest ally to deliver key next-gen memory — SK Hynix teams up with TSMC to advance HBM development but could this move encourage TSMC to become like Intel?

Rumor: iOS 18 to add new ‘Web Eraser’ and page summarization features to Safari

Apple is reportedly planning big updates to Safari as part of iOS 18 and macOS 15 later this year. According to a report on Tuesday, the changes will include a new AI-powered tool called “Intelligent Search” with page summarization, a “Web Eraser” feature, and more.

iOS 18: New Safari features

The report, which comes from Marko Zivkovic at Apple Insider , cautions that “exact implementation” of these features “remains fuzzy.” We’d treat these claims with skepticism for the time being.

According to Zivkovic, Apple is planning a redesigned controls menu for Safari’s address bar that “consolidates old and new page control tools” in a central location. One of the new tools is reportedly something called “Intelligent Search.”

This feature, which is not enabled by default in test builds of Safari 18, can be activated from the new menu in the address bar. From there, the tool will “identify topics and key phrases within a webpage” and generate a summary of the page. The report speculates that Apple is “striving to deliver text summarization alongside Safari 18 later this year,” but again, the specific details are “fuzzy.”

Arc from The Browser Company  also combines a variety of AI features with web browsing, including page summarization options.

Safari 18 in iOS 18 and macOS 15 will also reportedly include something called “Web Eraser.” This feature is “designed to allow users to remove, or erase, specific portions of web pages,” according to Zivkovic.

Using the Web Eraser feature, users could choose to remove certain elements from a webpage like ads, images, and more. It’s a functionality already offered by certain third-party ad blockers, but Apple is apparently working on its own first-party implementation for iOS 18 and macOS 15.

Notably, any changes you make to a webpage would apply each time you visited that page. “This means that Safari will remember the changes even after the original tab or window has been closed,” Zivkovic says.

When visiting a web page with previously erased content, Safari will inform the user that the page has been modified to reflect their desired changes. The browser will also give the user the option to revert changes and restore the webpage to its initial, unaltered state.

9to5Mac’s Take

Apple implementing what is essentially a built-in ad blocker to Safari could be disastrous for ad-supported online publications like the one you’re reading right now.

Follow Chance :  Threads ,  Twitter ,  Instagram , and  Mastodon . 

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to [email protected]

Manage push notifications

More From Forbes

Ios 18—new apple overhaul reveals exciting iphone ai privacy feature.

• Share to Facebook
• Share to Twitter
• Share to Linkedin

Apple’s soon-to-launch iOS 18 software could include an exciting AI-based privacy feature as part of an overhaul of the Safari browser. The new iPhone feature, dubbed Web Eraser, allows you to browse the web while removing portions of the page, such as ads or other content you don’t want to see.

Web Eraser comes as part of a wider AI-based browser overhaul in iOS 18, according to Apple-focused website Apple Insider , which first reported the news.

Apple’s soon-to-launch iOS 18 software could include an exciting AI based privacy feature as part of ... [+] an overhaul of the Safari browser.

Currently being tested by the iPhone maker, the overhaul includes the advanced content blocking features enabled by Web Eraser, as well as UI tweaks and AI-powered Intelligent Search. The changes to Safari will be included in iOS 18 and macOS 15, according to the report, which cites “people familiar with the matter.”

What Web Eraser Does In iOS 18

From the looks of it, Web Eraser in iOS 18 is a pretty cool feature, building on privacy tools already built into the iPhone maker’s Safari browser. Specifically, it's “designed to allow users to remove, or erase, specific portions of web pages,” including banner ads, images, text or entire page sections.

Apple Confirms Widespread iPhone Changes Coming To Millions Of iPads

Ufc 301 results fighter suffers rare tko via leg gash, the missing factor in explanations of china’s economic distress: covid (part 1: the cover-up).

Apparently, Safari will remember your preferences so they aren’t limited to one specific browsing session. “When visiting a web page with previously erased content, Safari will inform the user that the page has been modified to reflect their desired changes. The browser will also give the user the option to revert changes and restore the webpage to its initial, unaltered state,” Apple Insider writes.

The new controls will be easy to access in the Safari Settings menu.

Exciting New iOS 18 Features Coming Soon

Web Eraser comes alongside multiple new AI-based iOS 18 features for your iPhone, most of which will be processed on the device , at least initially.

It looks like Intelligent Search will use Apple’s large language model Ajax to identify topics and key phrases within a web page.

Essentially, Web Eraser in iOS 18 is an ad blocking feature as offered by many companies, but it’s built into the Safari browser. It’s a great move for privacy—and ease of use since it’s ready made. However, it could create problems for publishers, who rely on web ads for their business revenue.

Apple of course, values privacy as one of its key marketing messages and iOS 18 seems to embrace that ethos wholeheartedly. Apple’s new iPhone operating system will launch in just over a month at its Worldwide Developers Conference and there’s a lot to look forward to for privacy-conscious users.

• Editorial Standards
• Reprints & Permissions

Advertisement

Supported by

Companies Linked to Russian Ransomware Hide in Plain Sight

Cybersecurity experts tracing money paid by American businesses to Russian ransomware gangs found it led to one of Moscow’s most prestigious addresses.

• Share full article

By Andrew E. Kramer

MOSCOW — When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow.

The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victims’ digital data and then demand payments to unscramble it.

Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles.

That this high-rise in Moscow’s financial district has emerged as an apparent hub of such money laundering has convinced many security experts that the Russian authorities tolerate ransomware operators. The targets are almost exclusively outside Russia, they point out, and in at least one case documented in a U.S. sanctions announcement, the suspect was assisting a Russian espionage agency.

“It says a lot,” said Dmitry Smilyanets, a threat intelligence expert with the Massachusetts-based cybersecurity firm Recorded Future. “Russian law enforcement usually has an answer: ‘There is no case open in Russian jurisdiction. There are no victims. How do you expect us to prosecute these honorable people?’”

Recorded Future has counted about 50 cryptocurrency exchanges in Moscow City, a financial district in the capital, that in its assessment are engaged in illicit activity. Other exchanges in the district are not suspected of accepting cryptocurrencies linked to crime.

Cybercrime is just one of many issues fueling tensions between Russia and the United States, along with the Russian military buildup near Ukraine and a recent migrant crisis on the Belarus-Polish border.

The Treasury Department has estimated that Americans have paid $1.6 billion in ransoms since 2011. One Russian ransomware strain, Ryuk, made an estimated $162 million last year encrypting the computer systems of American hospitals during the pandemic and demanding fees to release the data, according to Chainalysis, a company tracking cryptocurrency transactions.

The hospital attacks cast a spotlight on the rapidly expanding criminal industry of ransomware, which is based primarily in Russia. Criminal syndicates have become more efficient, and brazen, in what has become a conveyor-belt-like process of hacking, encrypting and then negotiating for ransom in cryptocurrencies, which can be owned anonymously.

At a summit meeting in June, President Biden pressed President Vladimir V. Putin of Russia to crack down on ransomware after a Russian gang, DarkSide, attacked a major gasoline pipeline on the East Coast, Colonial Pipeline , disrupting supplies and creating lines at gas stations.

American officials point to people like Maksim Yakubets, a skinny 34-year-old with a pompadour haircut whom the United States has identified as a kingpin of a major cybercrime operation calling itself Evil Corp. Cybersecurity analysts have linked his group to a series of ransomware attacks, including one last year targeting the National Rifle Association. A U.S. sanctions announcement accused Mr. Yakubets of also assisting Russia’s Federal Security Service, the main successor to the K.G.B.

But after the State Department announced a $5 million bounty for information leading to his arrest, Mr. Yakubets seemed only to flaunt his impunity in Russia: He was photographed driving in Moscow in a Lamborghini partially painted fluorescent yellow.

The cluster of suspected cryptocurrency exchanges in Federation Tower East, first reported last month by Bloomberg News, further illustrates how the Russian ransomware industry hides in plain sight.

The 97-floor, glass-and-steel high-rise resting on a bend in the Moscow River stands within sight of several government ministries in the financial district, including the Russian Ministry of Digital Development, Signals and Mass Communications .

Two of the Biden administration’s most forceful actions to date targeting ransomware are linked to the tower. In September, the Treasury Department imposed sanctions on a cryptocurrency exchange called Suex, which has offices on the 31st floor. It accused the company of laundering $160 million in illicit funds.

In an interview at the time, a founder of Suex, Vasily Zhabykin, denied any illegal activity.

And last month, Russian news media outlets reported that Dutch police, using a U.S. extradition warrant, had detained the owner, Denis Dubnikov, of another firm called EggChange, with an office on the 22nd floor. In a statement issued by one of his companies, Mr. Dubnikov denied any wrongdoing.

Ransomware is attractive to criminals, cybersecurity experts say, because the attacks take place mostly anonymously and online, minimizing the chances of getting caught. It has mushroomed into a sprawling, highly compartmentalized industry in Russia known to cybersecurity researchers as “ransomware as a service.”

The organizational structure mimics franchises, like McDonald’s or Hertz, that lower barriers to entry, allowing less sophisticated hackers to use established business practices to get into the business. Several high-level gangs develop software and promote fearsome-sounding brands, such as DarkSide or Maze, to intimidate businesses and other organizations that are targets. Other groups that are only loosely related hack into computer systems using the brand and franchised software.

The industry’s growth has been abetted by the rise of cryptocurrencies. That has made old-school money mules, who sometimes had to smuggle cash across borders, practically obsolete.

Laundering the cryptocurrency through exchanges is the final step, and also the most vulnerable, because criminals must exit the anonymous online world to appear at a physical location, where they trade Bitcoin for cash or deposit it in a bank.

The exchange offices are “the end of the Bitcoin and ransomware rainbow,” said Gurvais Grigg, a former F.B.I. agent who is a researcher with Chainalysis, the cryptocurrency tracking company.

The computer codes in virtual currencies allow transactions to be tracked from one user to another, even if the owners’ identities are anonymous, until the cryptocurrency reaches an exchange. There, in theory, records should link the cryptocurrency with a real person or company.

“They are really one of the key points in the whole ransomware strain,” Mr. Grigg said of the exchange offices. Ransomware gangs, he said, “want to make money. And until you cash it out, and you get it through an exchange at a cash-out point, you cannot spend it.”

It is at this point, cybersecurity experts say, that criminals should be identified and apprehended. But the Russian government has allowed the exchanges to flourish, saying that it only investigates cybercrime if Russian laws are violated. Regulations are a gray area in Russia, as elsewhere, in the nascent industry of cryptocurrency trading.

Russian cryptocurrency traders say the United States is imposing an unfair burden of due diligence on their companies, given the quickly evolving nature of regulations.

“The people who are real criminals, who create ransomware, and the people working in Moscow City are completely different people,” Sergei Mendeleyev, a founder of one trader based in Federation Tower East, Garantex, said in an interview. The Russian crypto exchanges, he said, were blamed for crimes they are unaware of.

Mr. Mendeleyev, who no longer works at the company, said American cryptocurrency tracking services provide data to non-Russian exchanges to help them avoid illicit transactions but have refused to work with Russian traders — in part because they suspect the traders might use the information to tip off criminals. That complicates the Russian companies’ efforts to root out illegal activity.

He conceded that not all Russian exchanges tried very hard. Some based in Moscow’s financial district were little more than an office, a safe full of cash and a computer, he said.

At least 15 cryptocurrency exchanges are based in Federation Tower East, according to a list of businesses in the building compiled by Yandex, a Russian mapping service.

In addition to Suex and EggChange, the companies targeted by the Biden administration, cyberresearchers and an international cryptocurrency exchange company have flagged two other building tenants that they suspect of illegal activity involving Bitcoin.

The building manager, Aeon Corp., did not respond to inquiries about the exchanges in its offices.

Like the banks and insurance companies they share space with, those firms are likely to have chosen the site for its status and its stringent building security, said Mr. Smilyanets, the researcher at Recorded Future.

“The Moscow City skyscrapers are very fancy,” he said. “They can post on Instagram with these beautiful sights, beautiful skyscrapers. It boosts their legitimacy.”

An earlier version of a picture caption with this article misstated the year in which Colonial Pipeline was hacked. It was 2021, not 2020.

How we handle corrections

Andrew E. Kramer is a reporter based in the Moscow bureau. He was part of a team that won the 2017 Pulitzer Prize in International Reporting for a series on Russia’s covert projection of power. More about Andrew E. Kramer

Inside the World of Cryptocurrencies

Changpeng Zhao , the billionaire founder of the giant cryptocurrency exchange Binance, was sentenced to four months in prison , a much lighter penalty than other crypto executives have faced since the industry imploded in 2022.

Two years after the cryptocurrency market crashed, there are signs that crypto is booming again in the Philippines , long a center of crypto activity.

Pushed by a nonprofit with ties to the Trump administration, Arkansas became the first state to shield noisy cryptocurrency operators from unhappy neighbors. A furious backlash has some lawmakers considering a statewide ban .

Ben Armstrong, better known as BitBoy, was once the most popular cryptocurrency YouTuber in the world. Then his empire collapsed .

Federal judges are weighing whether digital currencies should be subject to the same rules as stocks and bonds. The outcome could shape crypto’s future in the United States .

• Phone Finder

Apple's Safari browser will get an AI makeover this year

• Post your comment
• Comments (22)

Vlad 30 April 2024

Apple Web browsers Mobile software Rumors

Apple's getting ready to overuse the AI buzzword just like everyone else has been doing for a while, and the big AI push is also coming this year to Safari, the company's web browser, according to a new report.

The next version of Safari will be AI-infused, and it's expected to launch alongside iOS 18 , which means it will most likely be presented at Apple's Worldwide Developers Conference in June .

Safari will get Intelligent Search, which will leverage on-device AI to identify topics and key phrases within a web page you're looking at in order to summarize its contents for you. Apple's large language model (LLM) will identify sentences that provide explanations or describe the structure of objects, depending on the text on the page, and words which are repeated and key sentences will be recognized as topics.

This is said to come in response to (what else?) ChatGPT but of course Apple will deliver its usual twist in that the experience, being on-device, will be much more secure.

Web Eraser will let you remove specific portions of web pages - things like banner ads, images, text, or even entire page sections, with "relative ease". The erasure will be persistent across sessions too, as Safari will remember the changes even after you close the original tab or window.

When you visit the same page again you'll be informed that the page has been modified to reflect your desired changes, and you'll then get an option to revert changes and restore the webpage to its unalerted state if you want.

This sounds a lot like an overcomplicated way to create an ad blocker and use the AI buzzword for that, but ad blockers also do exist, and have predated all these AI shenanigans, so we're not sure what to make of this.

The new Safari will also come with an updated UI, with a new page controls menu giving you easy access to a lot of options that were previously scattered across the UI. Aside from the aforementioned Intelligent Search / Intelligent Browsing and Erase Web Content, this will house other stuff like zoom options, privacy controls, content blocking options, in-page text search, reader mode, and extension shortcuts.

Next year, Apple will integrate a "much more powerful visual search feature" into its browser that will let you "obtain information on consumer products when browsing through images". This is apparently similar to the Visual Lookup feature which lets Siri identify plants, pets, and landmarks in photos.

While all of these things are purportedly already in development, keep in mind that it's not impossible for Apple to delay their launch or cancel some altogether - things that have all happened before.

Reader comments

• 02 May 2024

Since early this year just everyday is AI Just completely 0 day since last AI related articles Truly I do get rip off those AI features. AI sometimes really helpful but sometimes can beyond dangerous

that cat is very beautiful

It’s great if you’re in the Apple ecosystem. I went back to Firefox on my MacBook Pro but I’m still using Safari on my iPhone since Mozilla’s browser is just another WebKit-based one. I do have it installed, though, and will be using it as soon as I’...

• Read all comments

Home News Reviews Compare Coverage Glossary FAQ RSS feed Youtube Facebook Twitter Instagram

© 2000-2024 GSMArena.com Mobile version Android app Tools Contact us Merch store Privacy Terms of use Change Ad Consent Do not sell my data

• International edition
• Australia edition
• Europe edition

Russia-backed hackers behind powerful new malware, UK and US say

Report comes as Ukraine faces cyber-attack and allies brace for state-sponsored hacks

• Russia-Ukraine invasion latest news: follow live updates

A cyber report published by intelligence agencies in the UK and US on Wednesday has attributed insidious new malware to a notorious Russia-backed hacking group.

The findings come as Russia launches an invasion of Ukraine .

The joint research was published by the National Cyber Security Centre in the UK and US agencies including the National Security Agency. It warned that a Russian state-backed hacker group known as Sandworm had developed a new type of malware called Cyclops Blink, which targets firewall devices made by the manufacturer Watchguard to protect computers against hacks.

The sophisticated virus can withstand typical remedies including reboots, the report said. The findings come as the UK and US, allies to Ukraine, are on high alert for Russian state-sponsored hacks. The agencies added that their statement was a “routine advisory” not directly linked to the situation in Ukraine.

However, the US cybersecurity firm Mandiant said the announcement was a reminder of the damage that could be inflicted by Sandworm, which has been blamed for the devastating NotPetya attack on Ukraine in 2017. John Hultquist, a vice-president at Mandiant Threat Intelligence, said Sandworm remained a “capable and clever” adversary.

“In light of the crisis in Ukraine we are very concerned about this actor, who has surpassed all others we track in terms of the aggressive cyber-attacks and information operations they have conducted,” he said. “No other Russian actor has been so brazen and successful in disrupting critical infrastructure in Ukraine and elsewhere.”

Ukraine has suffered a string of cyber-attacks that Kyiv has blamed on Russia. Moscow, which is caught up in a mounting confrontation with the west over Ukraine, has denied any involvement.

Wednesday saw a massive distributed denial of service (DDoS) attack that targeted websites of Ukraine’s government and banks.

“At about 4pm, another mass DDoS attack on our state began. We have relevant data from a number of banks,” said Mykhailo Fedorov, minister of digital transformation, adding that the parliament website was also hit.

Ukrainian authorities said this week they had seen online warnings that hackers were preparing to launch major attacks on government agencies, banks and the defense sector.

Wednesday’s hack was consistent with the country’s tactics to distract and disrupt adversaries while “providing a level of plausible deniability”, said Rick Holland, chief information security officer at the cybersecurity firm Digital Shadows .

“Russia didn’t just decide to invade Ukraine this week,” he said. “Military planners have prepared for this campaign years in advance. Disinformation, false flags, DDoS attacks, and destructive wiper malware are a part of Russian military doctrine; the battle plans have been drawn up and are now being executed.”

The White House said on Wednesday that it was in touch with Ukrainian authorities about their cybersecurity needs, in the wake of the fresh cyber-attack, which the US government has not yet attributed.

“We are in conversations with Ukraine regarding their cyber-related needs including as recently as today and we’re going to move with urgency to assess the nature and extent of this, what steps need to be taken, and therefore a response,” the White House press secretary, Jen Psaki, said.

Reuters contributed reporting

Most viewed

• Election 2024
• Entertainment
• Newsletters
• Photography
• Personal Finance
• AP Investigations
• AP Buyline Personal Finance
• AP Buyline Shopping
• Press Releases
• Israel-Hamas War
• Russia-Ukraine War
• Global elections
• Asia Pacific
• Latin America
• Middle East
• Election Results
• Delegate Tracker
• AP & Elections
• Auto Racing
• 2024 Paris Olympic Games
• Movie reviews
• Book reviews
• Personal finance
• Financial Markets
• Business Highlights
• Financial wellness
• Artificial Intelligence
• Social Media

Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms

FILE - Exterior view of the offices of Vastaamo psychotherapy centre, in Pasila, Helsinki, Saturday, Oct. 24, 2020. A Finnish court on Tuesday sentenced a 26-year-old man to six years and three months in prison for hacking tens of thousands of patient records at a private psychotherapy center and seeking ransom from some patients over the sensitive data. (Heikki Saukkomaa/Lehtikuva via AP, File)

• Copy Link copied

HELSINKI (AP) — A Finnish court on Tuesday sentenced a 26-year-old man to six years and three months in prison for hacking tens of thousands of patient records at a private psychotherapy center and seeking ransom from some patients over the sensitive data.

The case that was initially revealed in October 2020 , has caused outrage and shock in the Nordic nation, with a record number of people — about 24,000 — filing criminal complaints with police.

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris and deported him to Finland. His trial ended last month.

The Länsi-Uusimaa District Court said Kivimäki was guilty of, among other things, an aggravated data breach, nearly 21,000 aggravated blackmail attempts and more than 9,200 aggravated disseminations of information infringing private life.

The court called the crimes “ruthless” and “very damaging” considering the psychological state of the people involved. According to the charges, Kivimäki in 2018 hacked into the information system of the Vastaamo psychotherapy center and downloaded its database of some 33,000 clients.

Lawyer Jenni Raiskio, who is representing some 1,500 clients, told the Finnish newspaper Helsingin Sanomat in March that at least a few of the victims died by suicide due to the sensitive nature of information in the leaked files.

Vastaamo, which was suspected of lax protection of client data and declared bankruptcy in 2021, had branches throughout the country and operated as a sub-contractor for Finland’s public health system.

Prosecutors said Kivimäki first demanded that Vastaamo pay him an amount equivalent to around 370,000 euros ($396,000) in bitcoins in exchange for not publishing the patient records.

When the center refused, Kivimäki in 2020 began publishing patient information on the dark web and sent patients messages demanding a ransom of 200 euros or 500 euros. About 20 patients paid, prosecutors said.

Kivimäki denied all the charges. His lawyer said he would likely appeal. Prosecutors had sought seven years in prison, the maximum for such crimes under Finnish law.

Kivimäki was first convicted at age 15 after hacking into over 50,000 servers with software he developed, Finnish newspaper Ilta-Sanomat reported in 2022.

In the United States, he was convicted over hacking cases involving the U.S. Air Force and Sony Online Entertainment.

The Vastaamo case led the Finnish government to fast-track a legislative change that allows citizens to change their personal identity codes — a key to accessing public and private services — in cases of gross data breaches that carry a high risk of identity theft.

Watch CBS News

UnitedHealth data breach caused by lack of multifactor authentication, CEO says

By Khristopher J. Brooks

Edited By Anne Marie Lee

Updated on: May 1, 2024 / 8:11 PM EDT / CBS News

Hackers breached the computer system of a UnitedHealth Group subsidiary and released ransomware after stealing someone's password, CEO Andrew Witty testified Wednesday on Capitol Hill. The cybercriminals entered through a portal that didn't have multifactor authentification (MFA) enabled.

During an hourslong congressional hearing, Witty told lawmakers that the company has not yet determined how many patients and health care professionals were impacted by the cyberattack on Change Healthcare in February. The hearing focused on how hackers were able to gain access to Change Healthcare, a separate division of UnitedHealth that the company acquired in October 2022. Members of the House Energy and Commerce Committee asked Witty why the nation's largest health care insurer did not have the basic cybersecurity safeguard in place before the attack.

"Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition," Witty said. "But for some reason, which we continue to investigate, this particular server did not have MFA on it."

Multifactor authentication adds a second layer of security to password-protected accounts by having users enter an auto-generated code sent to their phone or email. A common feature on apps, the safeguard is used to protect customer accounts against hackers who obtain or guess passwords. Witty said all logins for Change Healthcare now have multifactor authentication enabled.

The cyberattack came from Russia-based  ransomware gang ALPHV or BlackCat . The group itself  claimed responsibility  for the attack, alleging it stole more than six terabytes of data, including "sensitive" medical records. The attack triggered a disruption of payment and claims processing around the country, stressing doctor's offices and health care systems by interfering with their ability to file claims and get paid.

Witty confirmed Wednesday that UnitedHealth paid a $22 million ransom in the form of bitcoin to BlackCat, a decision he made on his own, according to prepared testimony before the hearing. Despite the ransom payment, lawmakers said Wednesday that some of the sensitive records from patients have still been posted by hackers on the dark web.

The ransom payment "was one of the hardest decisions I've ever had to make and I wouldn't wish it on anyone," Witty said.

The scale of the attack — Change Healthcare processes 15 billion transactions a year,  according  to the American Hospital Association — meant that even patients who weren't customers of UnitedHealth were potentially affected. The company said earlier this month that personal information that could cover a "substantial portion of people in America" may have been taken in the attack.

The breach has already  cost UnitedHealth Group nearly $900 million , company officials said in reporting first-quarter earnings last week, not including ransom paid.

Ransomware attacks, which involve  disabling a target's computer systems , have become increasingly common within the health care industry. The annual number of ransomware attacks against hospitals and other health care providers  doubled  from 2016 to 2021, according to a 2022 study published in JAMA Health Forum.

Khristopher J. Brooks is a reporter for CBS MoneyWatch. He previously worked as a reporter for the Omaha World-Herald, Newsday and the Florida Times-Union. His reporting primarily focuses on the U.S. housing market, the business of sports and bankruptcy.

More from CBS News

Alabama Supreme Court declines to revisit controversial frozen embryo ruling

Hope Hicks testifies at Trump trial about fallout from "hush money" payments

Dentist accused of poisoning wife tried to plant suicidal letters, cops say

Black men in Georgia were key for Biden in 2020. Can he keep their support?

Germany recalls its ambassador in Russia for a week in protest over a hacker attack

Germany has recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scholz’s party

BERLIN -- Germany said Monday it recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scholz’s party.

Germany last week accused Russian military agents of hacking into the top echelons of Scholz's Social Democrats’ party and other sensitive government and industrial targets. Berlin joined NATO and fellow European countries in warning that Russia’s cyberespionage would have consequences.

The Foreign Office in Berlin said Monday that the government is taking the latest incident “seriously” and that Foreign Minister Annalena Baerbock had decided to call back German Ambassador Alexander Lambsdorff. He would return to Moscow after a week, it said.

“The German government takes this event very seriously as behavior against our liberal democracy and the institutions that support it," Foreign Office spokeswoman Kathrin Deschauer said.

Baerbock said last week that Russian military cyber operators were behind the hacking of emails of the Social Democrats, the leading party in the governing coalition. Officials said the hackers had exploited Microsoft Outlook.

The German Interior Ministry said in a statement last week that the hacking campaign began as early as March 2022, a month after Russia’s full-scale invasion of Ukraine , with emails at the Social Democrat party headquarters accessed beginning that December. It said German companies, including in the defense and aerospace sectors, as well as targets related to the war in Ukraine were the focus of the hacking attacks.

The statement said international efforts led by the FBI shut down in late January a botnet of compromised network devices used by the Russian hackers — known as APT28 or Fancy Bear. The group has a history of malicious and destabilizing behavior, according to the U.S. State Department.

German officials said the attacks persisted for months.

Relations between Russia and the West have been tense since Moscow's attack on Ukraine. The U.S., Germany and many other European countries have been providing military support to Ukraine in the ongoing war.

In Copenhagen, Finnish Prime Minister Petteri Orpo said that “some Europeans still think that the war is only taking place in Ukraine, but right now we are seeing more and more aggressiveness from Russia.”

“We will probably see hybrid attacks in different areas. It can be critical infrastructure,” he added after a meeting with his Danish counterpart Mette Frederiksen. “What Russia is doing and planning is not acceptable. Russia is ready to use any means possible to harm our societies.”

In Prague, the Czech Foreign Ministry summoned Russia’s ambassador over the attacks by the same APT28 group linked to Russia’s GRU military intelligence unit.

“I have decided to summon the Russian ambassador because of the cyber attacks against Czech institutions and critical infrastructure,” Foreign Minister Jan Lipavsky said on X, the social media network. “We have called on the Russian Federation to refrain from this behavior, which is contrary to UN standards and its own obligations.”

Jan Olsen in Copenhagen, Denmark and Karel Janicek in Prague, Czech Republic contributed.

Top Stories

Trump trial: Witness says Cohen's checks were sent to White House to be signed

• 31 minutes ago

'Miracle': Pastor credits divine intervention after man pulls gun on him in church

• May 6, 11:02 AM

Russia announces nuclear weapon drills after angry exchange with Western officials

• May 6, 4:10 AM

US soldier arrested in Russia, US official says

Israel-Gaza live updates: Hamas says it has agreed to a cease-fire proposal

• 32 minutes ago

ABC News Live

24/7 coverage of breaking news and live events

We've detected unusual activity from your computer network

To continue, please click the box below to let us know you're not a robot.

Why did this happen?

Please make sure your browser supports JavaScript and cookies and that you are not blocking them from loading. For more information you can review our Terms of Service and Cookie Policy .

For inquiries related to this message please contact our support team and provide the reference ID below.

May 6, 2024

Winnipeg 21° C , Cloudy with wind

Full Forecast

• Advertising Contact
• Send a Letter to the Editor
• Staff biographies
• Submit a News Tip
• Subscribe to Newsletters
• Notifications
• Create Account
• Compact View
• About the E-Edition
• Winnipeg Free Press
• Community Review East
• Community Review West
• All Arts & Life
• Celebrities
• Environment
• Food & Drink
• Life & Style
• Science & Technology
• All Business
• Agriculture
• Personal Finance
• Manitoba’s Top Employers
• All Opinion
• Editorial Cartoon
• Letters to the Editor
• Auto Racing
• Blue Bombers
• High School
• Horse Racing
• Winnipeg Jets
• Manitoba Moose
• Reader Bridge
• Free Press 101: How we practise journalism
• Advertising
• Carrier Positions & Retailer Requests
• FP Newspapers Inc.
• Internships
• Job Opportunities
• Local Journalism Initiative
• Retail Locations
• Staff Biographies
• Terms and Conditions
• All Free Press Community Review News
• East Edition
• West Edition
• Classifieds
• All FP Features
• Business Hub
• Drink & Dine
• Health & Wellness
• Whiskers & Wings
• Sponsored Articles
• Property Listings
• Featured News
• Renovation and design
• Resale homes
• Newsletters
• Niigaan and the Lone Ranger
• Photo and Book store
• Become a Patron
• Privacy Policy

© 2024 Winnipeg Free Press

Quick Links

• Publications
• Sponsored Content
• Employee Code of Conduct Policy
• Supplier Code of Conduct Policy
• Report on Forced Labour and Child Labour in Supply Chains

Ways to support us

• Pay it Forward program
• Support Faith coverage
• Support Arts coverage

Replica E-Edition

Arts & Life

• Photo Galleries

Canstar Community news

Notification Settings

This browser doesn't support push notifications at the moment. Check browsers features, update your browser or try to use one from the list of recommended to manage your notifications settings:

• Firefox (27+)
• Google Chrome (30+)
• Safari ( MacOS 13+ with browser 16.1+ and iOS 16.4+ ) / Note make sure Push API support enabled under Settings > Safari > Advanced > Experimental Features
• Microsoft Edge

If you wish to manage your notification settings from this browser you will need to update your browser's settings for this site. Just click button below and allow notifications for this site

Note Safari 16.4+ working on iOS devices also need this site app to be installed at device's Home Screen for Push Notifications to work

Notifications are blocked for this site. If you wish to manage your notification settings from this browser you will need to update your browser's settings. Usually you'd need to click on site options icon to the left of address bar and change notifications preferences/permissions from there

Breaking News

Urgent and important stories

Recommended Reads

Noteworthy news and features

Advertisement

Learn more about Free Press Advertising solutions

Germany recalls its ambassador in Russia for a week in protest over a hacker attack

Advertise with us

BERLIN (AP) — Germany said Monday it recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scholz’s party.

Read this article for free:

Already have an account? Log in here »

To continue reading, please subscribe:

Monthly Digital Subscription

$19 $0 for the first 4 weeks *

• Enjoy unlimited reading on winnipegfreepress.com
• Read the E-Edition, our digital replica newspaper
• Access News Break, our award-winning app
• Play interactive puzzles

*No charge for 4 weeks then billed as $19 every four weeks (new subscribers and qualified returning subscribers only). Cancel anytime.

Read unlimited articles for free today:

Germany last week accused Russian military agents of hacking into the top echelons of Scholz’s Social Democrats’ party and other sensitive government and industrial targets. Berlin has joined NATO and fellow European countries in warning that Russia’s cyberespionage would have consequences.

The Foreign Office in Berlin said Monday that the government is taking the latest incident “seriously” and that Foreign Minister Annalena Baerbock had decided to call back German Ambassador Alexander Lambsdorff. He would return to Moscow after a week, it said.

“The German government takes this event very seriously as behavior against our liberal democracy and the institutions that support it,” Foreign Office spokeswoman Kathrin Deschauer said.

Baerbock said last week that Russian military cyber operators were behind the hacking of emails of the Social Democrats, the leading party in the governing coalition. Officials said the hackers had exploited Microsoft Outlook.

The German Interior Ministry said in a statement last week that the hacking campaign began as early as March 2022, a month after Russia’s full-scale invasion of Ukraine, with emails at the Social Democrat party headquarters accessed beginning that December. It said German companies, including in the defense and aerospace sectors, as well as targets related to the war in Ukraine were the focus of the hacking attacks.

Officials said the attacks persisted for months.

Relations between Russia and the West have been tense since Moscow’s attack on Ukraine. Germany has been providing military support to Ukraine in the ongoing war.

Business Weekly

Monday mornings

The latest local business news and a lookahead to the coming week.

In Copenhagen, Finnish Prime Minister Petteri Orpo said that “some Europeans still think that the war is only taking place in Ukraine, but right now we are seeing more and more aggressiveness from Russia.”

“We will probably see hybrid attacks in different areas. It can be critical infrastructure,” he added after a meeting with his Danish counterpart Mette Frederiksen. “What Russia is doing and planning is not acceptable. Russia is ready to use any means possible to harm our societies.”

Advertisement Advertise With Us

Featured Local Savings

• EILMELDUNG — __proto_headline__

Exklusiver Verkauf auf Plattform Eventim Hackerangriff auf Konzerttickets von Taylor Swift

• Zur Merkliste hinzufügen
• Link kopieren
• Weitere Optionen zum Teilen

Hier noch in São Paulo, bald in Europa: Taylor Swift

Die Sorge vieler Fans war groß, als sich die Nachricht verbreitete: Hacker haben versucht, digitale Konzertkarten für die deutschen Termine von Taylor Swift zu erbeuten und weiterzuverkaufen.

Nun aber gibt die betroffene Plattform Eventim Entwarnung: Die Zahl unautorisierter Weiterverkäufe befinde sich im niedrigen zweistelligen Bereich. Das teilte ein Sprecher der Ticketbörse mit. Transaktionen, die als missbräuchlich identifiziert worden seien, seien rückgängig gemacht worden. Der Weiterkauf von Swift-Tickets sei vorübergehend ausgesetzt worden. Zudem habe Eventim die Polizei eingeschaltet. Mehrere Medien hatten über den Hackerangriff berichtet.

Swift startet in wenigen Tagen den Europateil ihrer Tournee und kommt im Juli auch für einige Termine nach Deutschland. Die Tickets waren nur über Eventim erhältlich und sofort ausverkauft. Als Sicherheitsmaßnahme wurden die Eintrittskarten personalisiert. Es ist lediglich möglich, sie über eine Ticketbörse von Eventim weiterzuverkaufen.

Eventim hat nach Angaben des Sprechers die Passwörter bei einer Reihe von Nutzerinnen und Nutzern als Vorsichtsmaßnahme zurückgesetzt. Das heißt aber nicht, dass all diese Leute vom Hackerangriff betroffen sind. Nach Einrichtung eines neuen Passworts sollten demnach die digitalen Tickets wieder sichtbar sein. Generell empfahl Eventim den Nutzerinnen und Nutzern, ihr Passwort zu ändern.

Mehr lesen über