An extraordinary iPhone hacking campaign revealed by Google last week may be linked to other Android spying campaigns focused on websites related to the Uyghurs, a Chinese Muslim minority group, and the East Turkistan region of China, according to new research from Volexity.
Security needs to be reinvented for the internet of things, and start-up companies can play a critical role, says Robin Saxby, the former CEO and founder of Arm Holdings, a U.K.-based semiconductor company, who now invests in start-up firms.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
French police say they've disrupted the operations of the Retadup malware gang by subverting attackers' command-and-control infrastructure to delete the malicious code from 850,000 infected PCs and servers worldwide. The move came after police received a tip and technical assistance from security firm Avast.
Network detection and response, endpoint detection and response, and SIEM are the "visibility triad" of critical data sources for effective threat hunting and incident response, says Matt Cauthorn of Extrahop, who explains why.
Apple released a patch on Monday that fixes a bug it accidentally reintroduced in a previous patch update. The flaw allowed iOS enthusiasts to jailbreak their up-to-date devices, but also could have been put to malicious use by hackers.
VMware is acquiring cloud security firm Carbon Black in a $2.1 billion cash deal to bolster the virtualization giant's security portfolio. It's also acquiring Pivotal, a company that focuses on helping its customers build applications in the cloud as well as through new technologies such as containers.
Ransomware-wielding attackers continue to target not just big businesses and large government agencies, but increasingly their smaller counterparts too. In Texas, officials say a campaign tied to a "single threat actor" infected 22 local government agencies on Friday.
Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.
Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.
The news that serial entrepreneur Elon Musk and scientists have unveiled Neuralink - a neuroscience startup that's been in stealth mode for two years and aims to create a new computer/brain interface - might make you ask: What took him so long? Before signing up, just make sure it's immune to ransomware.
Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.
Threat actors are increasingly targeting the APAC region for payment card fraud, according to a report from Gemini Advisory. For example, a group of hackers recently stole information on more than 1 million credit cards in South Korea. What can be done to stop the fraud?
Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition. For Broadcom, it means gaining well-developed security offerings as it seeks to grow its infrastructure business.