Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. reader comments 37 with 30 posters participating Share this story A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company… Read More »
Getty Images reader comments 23 with 19 posters participating Share this story At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday. The vulnerabilities in Pulse Connect Secure, a VPN that… Read More »
Getty Images reader comments 63 with 54 posters participating Share this story When Apple released the latest version 11.3 for macOS on Monday, it didn’t just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms,… Read More »
reader comments 38 with 31 posters participating Share this story For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike—the brainchild behind the Signal messaging app—has turned the tables. On Wednesday, Marlinspike… Read More »
reader comments 51 with 41 posters participating Share this story Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said. At least one of the security… Read More »
Getty Images reader comments 15 with 13 posters participating Share this story A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said. Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s… Read More »
Getty Images reader comments 15 with 13 posters participating Share this story Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware known as Cring came to public attention… Read More »
reader comments 1 with 1 posters participating Share this story The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities… Read More »
(credit: Aurich Lawson / Ars Technica) Microsoft Exchange servers compromised in a first round of attacks are getting infected for a second time by a ransomware gang that is trying to profit from a rash of exploits that caught organizations around the world flat-footed. The ransomware—known as Black Kingdom, DEMON, and DemonWare—is demanding $10,000 for… Read More »
Getty Images reader comments 27 with 23 posters participating Share this story In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5… Read More »