Google's Project Zero has released details of its research into a quiet, sustained watering-hole campaign against iPhone users. They found five distinct exploit chains in use by the attackers. "There was no target discrimination," Google's blog says, "simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week." Apple patched the zero-day vulnerability the campaign exploited in February. Google notes that this single campaign probably represents the proverbial tip of the iceberg. There are probably others, Mountain View says, that remain undetected.
The Wall Street Journal reports that US prosecutors are investigating Huawei for alleged intellectual property theft.
PerCSoft, cloud provider for Digital Dental Record and a widely used back-up data repository for the US dental profession, has sustained a ransomware attack. KrebsOnSecurity says that PerCSoft may have paid the ransom to obtain a decryptor, but there are reports the decryptor hasn't been fully successful. The ransomware strain involved appears to be REvil, also known as Sodinokibi.
Apple has responded to privacy concerns over its recording of Siri interactions by deciding to disable recording and storage by default. This autumn users will be given the option of turning it on, Ars Technica reports, should they be interested in helping train the AI.
Cryptojacking charges have been added to the ones accused Capital One hacker Paige Thompson faces. An additional indictment was filed Wednesday, Infosecurity Magazine reports.