IOS

iOS Zero-Day Let SolarWinds Hackers Compromise Fully Updated iPhones (arstechnica.com)

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. Ars Technica reports: In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a "likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn. Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.

The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium -- the name the company uses to identify the hackers behind the SolarWinds supply chain attack -- first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.

Hardware

PC Market Growth Slows Amid Global Chip Shortages (theverge.com)

The PC market is showing early signs of its growth slowing down, after an impressive run of shipments throughout 2020. From a report: Both IDC and Gartner conclude that growth in the second quarter of PC shipments has slowed this year. Demand for new PCs is still above what we saw before the pandemic hit, but a mixture of softer demand and the effects of the global chip shortage mean it's not growing as quickly. "The market faces mixed signals as far as demand is concerned," says Neha Mahajan, a senior research analyst at IDC. "With businesses opening back up, demand potential in the commercial segment appears promising. However, there are also early indicators of consumer demand slowing down as people shift spending priorities after nearly a year of aggressive PC buying." IDC says more than 83 million PCs were shipped in the second quarter of 2021, while Gartner's own figure is more than 71 million. Gartner does not include Chromebook shipments in its results, but the research firm says "Chromebook shipments were once again strong in the second quarter of 2021." Either way, both firms agree that year-over-year growth in this latest quarter wasn't as strong as 2020's sudden growth.
Security

Work From Home Fueling Cyberattacks, Says Global Financial Watchdog (nbcnews.com)

An anonymous reader quotes a report from NBC News: Financial firms may need to bolster their defenses in the face of rocketing cyberattacks after employees began working from home, the Financial Stability Board (FSB) said on Tuesday. The board, which coordinates financial rules for the G20 group of nations, said remote working since economies went into lockdown to fight Covid-19 opened up new possibilities for cyberattacks. Working from home is expected to stay in some form across the financial services industry and beyond. "Most cyber frameworks did not envisage a scenario of near-universal remote working and the exploitation of such a situation by cyber threat actors," the FSB said in a report to G20 ministers and central banks.

Cyber activities such as phishing, malware and ransomware grew from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April, the FSB said. "Financial institutions have generally been resilient but they may need to consider adjustments to cyber risk management processes, cyber incident reporting, response and recovery activities, as well as management of critical third-party service providers, for example cloud services," the FSB said. The FSB, chaired by Federal Reserve Vice Chair Randal Quarles and comprising regulators and central banks from leading financial centers, will publish a final report in October setting out its next steps. It has already made proposals for strengthening the resilience of money market funds which suffered severe stresses during last year's market turmoil.
