Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes. [...]
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this. [...]
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins. [...]
Enlarge / Gabriel Weinberg, creator of DuckDuckGo. (credit: Washington Post | Getty Images) At the end of April, Apple’s introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized …
I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this …
The leak included model information, chat messages and payment details. [...]
Group of 10 MPs and peers say Boris Johnson’s government has prioritised trade over national security Boris Johnson’s government has been accused by MPs of prioritising trade agreements over national security in its handling of surveillance abuses on British soil by governments using spyware made by the …
Analysis: while identity of hackers is not known in this case, Palestinians have long been spied on by Israeli military The disclosure that Palestinian human rights defenders were reportedly hacked using NSO’s Pegasus spyware will come as little surprise to two groups of people: Palestinians themselves and the …
Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation. [...]
Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said. [...]
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. [...]
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees. [...]
New paper: “ This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website http://thispersondoesnotexist.com, taunts users with GAN generated images that seem too real to believe. On the …
It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance. To respect “privacy and human dignity,” MEPs said that EU lawmakers should pass a permanent ban on the automated …
Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it. [...]
An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch's source code, comments going back to its inception and more. [...]
The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients. [...]
A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans. [...]
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. [...]
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests. [...]
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. [...]
"Time to find out who in your family secretly ran... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. [...]
Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety. [...]
Compliance in the cloud is fraught with myths and misconceptions. This is particularly true when it comes to something as broad as disaster recovery (DR) compliance where the requirements are rarely prescriptive and often based on legacy risk-mitigation techniques that don’t account for the exceptional resilience of modern …
Compliance in the cloud can seem challenging, especially for organizations in heavily regulated sectors such as financial services. Regulated financial institutions (FIs) must comply with laws and regulations (often in multiple jurisdictions), global security standards, their own corporate policies, and even contractual obligations with their customers and counterparties. These …