Enlarge (credit: Getty Images) Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential candidate with sophisticated spyware developed by a commercial exploit seller, Google and researchers from Citizen Lab...

Enlarge (credit: Getty Images) Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to...

Enlarge (credit: Getty Images) On Monday, Amazon introduced a new policy that limits Kindle authors from self-publishing more than three books per day on its platform, reports The Guardian. The rule comes as Amazon works to curb abuses of its...

Workflow management software provider ServiceNow has embedded a chatbot for assisting customers with most of its products.ServiceNow’s new Now Assist tool is an expansion to its AI-powered Now Platform, and is available in its Vancouver software release for IT Service Management (ITSM), Customer Service Management (CSM), HR Service Delivery (HRSD), and Creator workflow application.To read...

Four years after it started life as a white paper, the UK government’s controversial Online Safety Bill has finally passed through Parliament and is set to become law in the coming weeks.The  bill aims to keep websites and different types of internet-based services free of illegal and harmful material...

Imagine running fleets of iPhones that alert you when unexpected security-related incidents take place, or when otherwise legitimate service requests arrive from devices at an unexpected time or location. Imagine management and security software that not only identified these kinds of anomalies but gave you useful advice to help...

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.

The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world's system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world's system code, either by changing C/C++ into something that's memory-safe, or rewriting everything...

Today is the 20th anniversary of the Slammer worm. I'm still angry over it, so I thought I'd write up my anger. This post will be of interest to nobody, it's just me venting my bitterness and get off my lawn!!Back in the day, I wrote "BlackICE", an intrusion...

I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It's some weird nerd cult. Techies frequently mention RISC in conversation, with other techies nodding their head in agreement, but it's all wrong....

Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,

Have you updated your iPhone to iOS 17? You should check your privacy settings as they could reveal an unwanted and surprising change.

Citizen Lab alongside Google’s Threat Analysis Group, has uncovered a no-click zero-day exploit chain impacting iPhones, iPads, Apple Watch and Macs.

Posted by Martin Geisler, Android team Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as confidence in the code quality and ease of code review. Security:...

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection TeamWhen you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is...

Posted by Jon Bottarini and Hamzeh Zawawy, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over the past few years Android has been focused on improving the effectiveness, scope, and convenience of fuzzing across the organization. This effort has directly resulted in improved test coverage, fewer security/stability...

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Learn more about the threat in my article for the Tripwire State of Security blog.

Donald Trump Jr may not have just inherited his famous father's name. He may also have inherited his bad password security.

Do you know what data your car is collecting about you? Do you think it’s right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video? All this and much much more is...

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies...

More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with...

In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of...

Insider threats may sound like an act of revenge – disgruntled employees, contractors or partners misusing their access privileges to cause harm to an organisation, most often resulting in the loss of data or access to crucial systems. But this preconceived notion is largely false – two out of...

1. Accusation at the Heart of British Democracy Background on the Tory Parliamentary Expert A Tory parliamentary expert on China has been accused of spying for Beijing from a position at the very heart of the seat of British democracy has declared they are completely innocent. The unnamed male...

There are only three certainties in life. Death, taxes and cybercriminals attempting to steal information they can flip for money. Verizon’s annual Data Breach Investigation Report analyzed more than 23,000 security incidents that occurred in 2022 alone, demonstrating just how attempts at illicit information harvesting have proliferated. One of...

National Student Clearinghouse reveals more details of incident

Tabletop exercise assessed the cybersecurity response capabilities, plans and procedures for the event

Kaspersky said these services range from $20 per day to $10,000 a month

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will...

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least...

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the...

Parenting styles run the gamut and so do the features in parental control and monitoring utilities. We've tested the top hardware- and software-based services to help you choose the right one for your family.

Windows Defender is improving, but you still shouldn't rely on Windows 10's security tools as your sole means of protection. Many free third-party security apps are more effective at keeping you safe. We've tested 17 no-cost services to help you find the best free antivirus for protecting your PC....

Parental control app Qustodio is a highly configurable, easy-to-manage tool for keeping track of your child's activity on Windows, Mac, iOS, and Android devices, though it comes at a premium price.

The Department of Transportation has led the way in leveling-up security for the energy and transportation industries – and more critical infrastructure sectors will follow.

Much like WormGPT, Netenrich researchers said this new set of phishing tools has also focused on business emails compromises (BEC).

Reports of individuals and groups hacking for political reasons are everywhere, but experts tell SC Media that "true" hacktivism may be dead as we redefine the term to include a broader range of motivations.

An ancient squid: New research on fossils has revealed that a vampire-like ancient squid haunted Earth’s oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker attachments. The discovery...

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who...

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with...

iOS 17 enhances privacy with Lockdown Mode, anti-tracking, and secure passkeys. NSO's Pegasus spyware targets journalists. Microsoft warns of cybersecurity threats in live sports events. The post Checklist 344: iOS 17, Pegasus, and Sportsball! appeared first on SecureMac.

This week we discuss Apple resuming their efforts to battle pegasus, urgent security updates, and what went down at Apple's Wonderlust event. The post Checklist 343: Pegasus and Wonderlust appeared first on SecureMac.

In this week's Checklist podcast, we go over Blackberry's cybersecurity solutions, ARPA-H's healthcare systems cybersecurity initiative, and more. The post Checklist 342: Cyberattacks, Moonshots, and HIPAA appeared first on SecureMac.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Government of Bermuda blames Russian threat actors for the cyber attackCity of...

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog. Trend Micro this week has released...

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database credentials, the Cybernews research team has discovered. The company, formed in...

Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event. The post In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking appeared first on SecurityWeek.

Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. The post China’s Offensive Cyber Operations in Africa Support Soft Power Efforts appeared first on SecurityWeek.

For retail businesses, the POS system is arguably their most important IT system. This TechRepublic Premium guide, and the accompanying checklist, will help you successfully secure a POS system for your business enterprise. From the guide: ACCESS CONTROLS The first line of defense in any POS system is the...

On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.

What is the best CSPM tool for your business? Use our guide to review our picks for the best cloud security posture management (CSPM) tools for 2023.

Company says it believes about 193,000 customers are affected by the breach, which it spotted in early SeptemberFollow our Australia news live blog for latest updatesGet our morning and afternoon news emails, free app or daily news podcastPizza Hut’s Australian operations have been hit by a cyber-attack, the company...

Details of ‘thousands’ of officers may have been taken by hackers after breach of third-party supplierThe details of thousands of Greater Manchester police officers have been hacked as part of a cyber-attack.The force said one of its third-party suppliers had been breached in a ransomware attack that was being...

The government is about to award a £480m contract to build a vast new database of patient data. But if people don’t trust it, they’ll opt out – I know, because I felt I had toLast December, I had an abortion. Most unwanted pregnancies set a panic-timer ticking, but...

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief  T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach...

Holes in iOS, macOS and more fixed up after tip off from Google, Citizen Lab Apple has emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…

Holes in iOS, macOS and more fixed up after tip off from Google, Citizen Lab Apple has emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…

In this episode of the podcast, host Paul Roberts speaks with Colin O'Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home's electric oven - and the bigger questions about owners rights to fix, tinker with or replace the software that...

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of the threat intelligence into actionable and target specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts. The post Spotlight Podcast: Are you...Read...

New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore. The post Attacks on APIs demand a Security Re-Think appeared first on The Security Ledger with Paul F. Roberts. Related StoriesMalicious Automation is driving API Security BreachesThe surveys speak:...

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSiteWell that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa, keynoting at Experts Live EU and taking a "beer spa"...

Presently sponsored by: 1 in 3 families have been affected by fraud. Secure your personal info with Aura’s award-winning identity protection. Start free trial.It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another...

Presently sponsored by: Fastmail. Check out Masked Email, built with 1Password. One click gets you a unique email address for every online signup. Try it now!I'm in Spain! Alicante, to be specific, where we've spent the last few days doing family wedding things, and I reckon we scrubbed up...

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.

As civil conflict continues in and above the streets of Khartoum, satellite images from the Conflict Observatory at Yale University have captured the catastrophic damage.

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

Plus: Spyware-packing ads, TikTok GDPR violations, Elon Musk investigations, and more.

From a military-standardized build to a complex passphrase mode, Kingston's IronKey is one of the most secure USBs you can buy.

Aimed at iOS 17/iPadOS 17 and WatchOS 10, the bug fixes are designed to combat zero-day vulnerabilities that could let someone remotely control your device.

If you use Bitwarden password manager, there's a simple feature that can come in very handy. Let's find out how to use custom fields.