Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.Read More Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Tens of Vulnerabilities Patched by Apple in macOS and iOS
Apple this week started rolling out security updates for iOS, macOS, iPadOS, watchOS, tvOS, and Safari, to address tens of vulnerabilities, including some that could result in arbitrary code exe…
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.Read More French Launch NSO Probe After Macron Believed Spyware Target
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.Read More Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.Read More Why Your Business Needs a Long-Term Remote Security Strategy
Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs.
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity
The United Nations’ human rights chief voiced alarm Monday over the reported use of military-grade malware from Israel-based NSO Group to spy on journalists, human rights activists and political dissidents.
Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID.
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.Read More Unpatched iPhone Bug Allows Remote Device Takeover
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.Read More Protecting Phones From Pegasus-Like Spyware Attacks
Reports that Israel-made Pegasus spyware has been used to monitor activists, journalists and politicians around the world highlight the diplomatic risks of nurturing and exporting “oppressive technology”, experts warned Monday.
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians — possible targets of iPhone and Android hacking.Read More Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday.
Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel.Read More The Evolving Role of the CISO
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.Read More Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.Read More Updated Joker Malware Floods into Android Apps
German software maker SAP has released 12 new security notes as part of its July 2021 security patch day, as well as updates for three previously released security notes.
Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker blocking mechanism.
Google on Wednesday announced the availability of the July 2021 security updates for the Android operating system, which include patches for over 40 vulnerabilities.
With no bad behavior, the mobile apps are difficult to detect by automated security scans
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.Read More Cloud Cryptomining Swindle in Google Play Rakes in Cash
The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.Read More Android Apps in Google Play Harvest Facebook Credentials
In an almost exclusively mobile world and the increased usage of mobile devices to access corporate data, cybercriminals started taking advantage of the vulnerability of such devices. As a result, cyberattacks on mobile devices have skyrocketed. To sel…Read More How do I select a mobile threat defense solution for my business?
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.Read More Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
Security researchers at Microsoft are flagging multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise.
Over the past year, consumers have adapted to many changes, including the rapid shift towards a digital-first lifestyle. This has led to an emphasis on consumers dependence on mobile devices, as they look to execute nearly all daily activities via devi…Read More Consumers neglecting mobile security despite growing number of threats
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).Read More 5G Security Vulnerabilities Fluster Mobile Operators
Jeremiah Grossman’s Bit Discovery has banked another $4 million in venture capital funding to compete in the crowded attack surface management space.
Amazon’s AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools.
Financial terms of the transaction were not released. Prior to the acquisition, Wickr raised a total of …
Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled.
The U.S. government’s National Security Agency (NSA) on Tuesday announced plans to fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious hackers.
Multiple vulnerabilities recently patched in Zephyr’s Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys …Read More Vulnerabilities in Zephyr’s Bluetooth LE Stack May Lead to DoS Attacks
One in five of the most-popular apps for kids under 13 on Google Play don’t comply with COPPA regulations on how children’s information is collected and used.Read More Kids’ Apps on Google Play Rife with Privacy Violations
A group of academic researchers has created a tool that can be used to clone Android malware and test the resilience of these new variants against anti-malware detection.
53 percent of IT decision makers admitted that it’s not possible to be prepared for all the tactics and strategies used by attackers targeting mobile devices, a survey by Sapio Research reveals. Going one step further, 38 percent claimed that it’s impo…Read More 76% of IT decision makers more vulnerable to mobile attacks than just a year ago
… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.Read More iPhone Wi-Fi Crushed by Weird Network
Google wants to bring “salsa” to drive enforcement at the software supply chain security party.
The second wave of the pandemic has hit India hard from a cybersecurity perspective. There has been a…
The post Breaches and Incidents: Top 5 Cyber-attacks in Quarter 1 – 2021 appeared first on Quick Heal Blog | Latest computer security news, t…
Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
In a paper published Wednesday, researchers f…
Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last six years.
The EU’s proposed new rules to rein in tech giants risk undermining the security of the iPhone, Apple chief Tim Cook warned Wednesday.
The European Union last year unveiled tough draft rules targeting tech giants like Apple, Google, Amazon and Facebook…
Google has finally enabled end-to-end encryption (E2EE) for the Messages app in Android but the privacy-enhancing tool remains somewhat limited.
Google announced end-to-end encryption is now available in Android, but only for one-on-one conversations b…
Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.Read More Takeaways from the Colonial Pipeline Ransomware Attack
Seeking to protect its image as a guardian of personal privacy, Apple maintains it was blindsided and handcuffed by a Trump administration probe that resulted in the company handing over phone data from two Democratic congressmen.
For the last three years, Joker Trojan is making its way on Google Play Store. Quick Heal Security…
The post Google Play store applications laced with Joker malware yet again appeared first on Quick Heal Blog | Latest computer security news, tips, an…
Malicious hackers are exploiting an old VPN security flaw to compromise SonicWall SRC (secure remote access) devices, according to a warning from security vendor CrowdStrike.
Google has patched its Chrome browser, fixing one critical cache issue and a second bug being actively exploited in the wild.Read More Chrome Browser Bug Under Active Attack
Amazon this week activated its proprietary mesh network known as Sidewalk, linking tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poo…Read More Amazon Sidewalk Mesh Network Raises Security, Privacy Concerns
Your mobile device can be hacked very easily without your knowledge. Even if an attacker can’t get into your device they can attempt to gain access to the sensitive information instead that is stored inside such as your places visited, emails and conta…Read More How Hidden Vulnerabilities will Lead to Mobile Device Compromises
Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats….Read More 2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs
Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised
The post Take action now – FluBot malware may be on its way appeared first on WeLiveSecurity
ESET research reveals that common Android stalkerware apps are riddled with vulnerabilities that further jeopardize victims and expose the privacy and security of the snoopers themselves
The post Android stalkerware threatens victims further and expose…
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.Read More Beyond MFA: Rethinking the Authentication Key
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers.Read More Apple’s ‘Find My’ Network Exploited via Bluetooth
A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required.Read More Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range.Read More ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
Apple also claims to have foiled US$1.5 billion worth of potentially fraudulent transactions
The post 1 million risky apps rejected or removed from Apple’s App Store in 2020 appeared first on WeLiveSecurity
Malware first observed in Italy can steal victims’ credentials and SMS messages as well as livestream device screens on demand.Read More TeaBot Trojan Targets Banks via Hijacked Android Handsets
Acquisition will extend Jamf’s Zero Trust Network Access, threat defense and data policy enforcement for Apple devices
An ingenious attack on Android devices self-propagates, with the potential for a range of damage.Read More Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack
The remote workforce will continue post-pandemic and organizations want better tools to secure their dispersed workforce.Read More One-third of organizations question IT infrastructure supporting remote workforce, says BlackBerry report
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.Read More iPhone Hack Allegedly Used to Spy on China’s Uyghurs
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.Read More Qualcomm Chip Bug Opens Android Fans to Eavesdropping
On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.Read More Apple Fixes Zero‑Day Security Bugs Under Active Attack
The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.Read More Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites
The malware sends automated replies to messages on WhatsApp and other major chat apps
The post WhatsApp Pink: Watch out for this fake update appeared first on WeLiveSecurity
As an avid smartphone user, do you get frustrated at not finding the app you want on the…
The post The risks of downloading apps from unauthorized app stores appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication
The post Beware Android trojan posing as Clubhouse app appeared first on WeLiveSecurity
COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.Read More Stalkerware Volumes Remain Concerningly High, Despite Bans
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.Read More Health Website Leaks 8 Million COVID-19 Test Results
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorde…Read More Assume ClubHouse Conversations Are Being Recorded, Researchers Warn
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 mil…Read More Kia Motors Hit With $20M Ransomware Attack – Report
A malicious adware-distributing application specifically targets Apple’s new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.Read More Mac Malware Targets Apple’s In-House M1 Processor
How 2020 Has Shaped The Way We Live Our Lives I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left […]Read More How 2020 Has Shaped The Way We Live Our Lives
TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase.Read More Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies
Hundreds of thousands of individuals are potentially affected by this vulnerability.Read More Misconfigured Baby Monitors Allow Unauthorized Viewing
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.Read More Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic.Read More Cybercrooks Rake in $304M in Romance Scams
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.Read More mHealth Apps Expose Millions to Cyberattacks
A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.Read More ‘Annoyingly Believable’ Tax Scam Targets Mobile Users
The attackers ported victims’ cell phone lines and then defeated 2FA to access accounts and apps.Read More Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.Read More Various Malware Lurks in Discord App to Target Gamers
Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.Read More Hybrid, Older Users Most-Targeted by Gmail Attackers
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app
The post Wormable Android malware spreads via WhatsApp messages appeared first on WeLiveSecurity
Article by Dennis Okpara, Chief Security Architect & DPO at IDEE GmbHYes, there is hope for 2021, but the challenges of the “New Normal” are here to stay. CISOs have to prepare and start acting now, because cybersecurity and the IT-infrastruct…Read More Trends in IT-Security and IAM in 2021, the “New Normal” and beyond
Article by Tom Kellerman, Head of Cybersecurity Strategy, Rick McElroy, Head of Security Strategy and Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black Everything is different, and yet the same. As we look ahead to the cybersecurity lan…Read More Six Trends Shaping the 2021 Cybersecurity Outlook
How To Stay Safe While Shopping Online This Holiday Season I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – […]Read More Christmas Shopping 2020
Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – […]
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.Read More Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List
How Searching For Your Favourite Celebrity May Not End Well 2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, […]
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.Read More How Searching For Your Favourite Celebrity May Not End Well
Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth […]
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.Read More Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020
Special Delivery: Don’t Fall for the USPS SMiShing Scam According to Statista, 3.5 billion people worldwide are forecasted to own a smartphone by the end of 2020. These connected devices allow us to have a wealth of apps and information constantly at our fingertips – empowering us to remain in constant contact with loved ones, […]
The post Special Delivery: Don’t Fall for the USPS SMiShing Scam appeared first on McAfee Blogs.Read More Special Delivery: Don’t Fall for the USPS SMiShing Scam