Hack an iPhone, win $ 1 million


Apple has massively increased the amount it’s offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. It’s by far the highest bug bounty on offer from any major tech company.

That’s up from $200,000, and in the fall the program will be open to all researchers. Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.

As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.

Forbes also revealed on Monday that Apple was to give bug bounty participants “developer devices”—iPhones that let hackers dive further into iOS. They can, for instance, pause the processor to look at what’s happening with data in memory. Krstić confirmed the iOS Security Research Device program would be by application only. It will arrive next year.

$1 million for an iPhone hack

The full $1 million will go to researchers who can find a hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There’s also a 50% bonus for hackers who can find weaknesses in software before it's released.

Apple is increasing those rewards in the face of an increasingly profitable private market where hackers sell the same information to governments for vast sums.

As Maor Shwartz told Forbes, the cost of a single exploit (a program that uses vulnerabilities typically to take control of a computer or phone) can fetch as much as $1.5 millon. An exploit targeting WhatsApp where no clicks are required from the user, for instance, can be sold to a government agency for that much, though such tools are rare. Only one or two a year will be sold, from a pool of around 400 researchers who focus on such high-end hacking. “It’s really hard to research them and produce a working exploit,” he said.

Bulgaria’s tax agency hacker released

A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.

Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria's capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor's office.

Due to his work, which involves testing computer networks for potential vulnerabilities, some believe Boykov is a "white hat hacker" — a hacker that breaks into computer networks to expose vulnerabilities and push for the weaknesses to be fixed.

He has made news in Bulgaria before. In 2017, he hacked the Bulgarian education ministry's website to expose its vulnerabilities. In a television interview, he described the work as "fulfilling my civic duty."

Sofia prosecutors claim they tracked one of the stolen files from the latest data breach to a username used by Boykov. Boykov and his lawyer reject the allegations against him and say he was not involved in the incident.

The hack of the nation's tax agency database is believed to be the largest data breach in Bulgaria's history. Nearly every working adult in Bulgaria was impacted. In a country of 7 million, more than 5 million people had personal data such as social security information, addresses, incomes and names leaked and made easily accessible on the Internet.

Boykov was initially charged with a computer crime against critical infrastructure, with a maximum sentence of eight years in jail. Those charges were dropped and he was given a lesser charge of crime against information systems, which has a maximum jail sentence of three years.

The initial hack is believed to have happened in June. The breach remained undetected until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack. In the email, the sender claimed to be a Russian hacker, gave downloadable links to the stolen information and mocked Bulgaria's cybersecurity efforts.

Facebook page of Mancera,Mayor of Mexico City hacked

An unknown cybercriminals compromised the official facebook page of the Miguel Ángel Mancera, the Head of Government of the Mexican Federal District.

After hackers hijacked the page, the officials immediately suspended the facebook page to prevent misuse.

"Please note that the account of # Facebook's # JefeDeGob @manceramiguelmx has been hacked." reads the message posted in the @GobiernoDF. (translated)


"We have suspended the Facebook page to detect the causes of the inadequate functioning. Thanks for your understanding" The tweet posted by the @ManceraConecta .(translated)


South African Police Service website breached by #Anonymous


The official website of South African Police Service has been breached by the Anonymous hacktivist with online name "DomainerAnon". 

"This action is to serve as a reminder to the government regarding the murders of 34 protesting miners outside the Marikana platinum mine by police. "Hacker stated as reason for the attack.

"To date no officers have been brought to justice... This situation will NOT be tolerated. #OpMarikanaMiners"

The hacker provided a link to the database dump(pastebay.com/1232460) that includes Usernames, hashed passwords, Telephone numbers and few other details.

He also shared a 13Mb size file named "EMAILS.csv" in the DatafileHost which is said to be contain emails.

Sri Lanka Ports Authority(SLPA) website hacked by Davy Jones

A Hacker called himself as Davy Jones hacked into the official website of Sri Lanka Ports Authority (SLPA.lk) and uploaded the defacement page in the site.

Sri Lanka Ports Authority (also abbreviated SLPA) is a government agency responsible for the development and maintenance of all commercial ports in Sri Lanka.

The Defacement page

The main page is not affected by the defacement. The hacker simply uploaded a html file "deface3.html" in the upload folder of Admin(slpa.lk/admin/upload/deface3.html)

The hacker recently breached the two famous Sri Lankan Tv Channel websites namely Rupavahini TV and One SriLanka.

Recently a hacker with online handle "Game over" has defaced Sri Lankan National Security Media Centre website.