HackDig : Dig high-quality web security articles

Apple Confirms New Zero-Day Attacks on Older iPhones

Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform.This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year.“Apple is aware of reports that an exploit for this issue exists in t
Publish At:2021-09-23 19:47 | Read:20 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Apple Deprecates Outdated TLS Protocols in iOS, macOS

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.Over two decades old, TLS 1.0 h
Publish At:2021-09-23 11:32 | Read:48 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Identity & Access Ri

The Evolution of Mobile Specific Phishing

Over the last few months, the Zimperium zLabs team has been actively monitoring the rise in phishing attacks and some new data started to stand out. While phishing has predominantly been device-agnostic, meaning it did not rely on or change based on the operating system or device type, a trend began to emerge showing an increase in mobile-specific phishing
Publish At:2021-09-23 09:35 | Read:232 | Comments:0 | Tags:Mobile Security Mobile Threat Defense Phishing mobile phishi

Lithuanian Agency Warns Against Use of Chinese-made Phones

Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese smartphone brands after an investigation identified security vulnerabilities and censorship concerns with certain devices.Lithuania’s National Cyber Security Center said it found four major cybersecurity risks for devices made by Huawei and Xiaomi, inc
Publish At:2021-09-22 19:47 | Read:164 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY

Your new car may be safer and smarter, but is it cyber-secure?

The auto industry reached an important milestone in 2020: more than half of the cars sold globally included internet connectivity as a standard feature. Modern vehicles have started to resemble mobile supercomputers, with each one containing millions of lines of code and able to process vast amounts of data. They’ve also begun integrating with mobile
Publish At:2021-09-22 09:35 | Read:56 | Comments:0 | Tags:App Security Mobile Security connected cars cyber security h

Russia-Linked Turla APT Uses New Backdoor in Latest Attacks

Security researchers at Cisco Talos have identified a new backdoor that Russian cyberespionage group Turla is believed to have been using in attacks since last year.Likely a second-chance backdoor, the malware is simple but capable of maintaining a prolonged stealthy presence on infected machines. Turla used the backdoor in attacks on targets in the United S
Publish At:2021-09-21 15:27 | Read:174 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Apple Ships iOS 15 with MFA Code Generator

Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.The iOS 15 makeover also includes patches for at least 22 documented security vulnerabilities, some serious enough to expose iPhone and iPad users to remote denial-
Publish At:2021-09-20 15:27 | Read:23 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

Google Helps OSTIF Boost Security of Open Source Projects

Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open sourc
Publish At:2021-09-16 19:48 | Read:244 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

Endpoint Security Platform Kolide Banks $17 Million Investment

Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.The funding round was led by Boston-based venture capital OpenView Partners. Matrix Partners, who led Kolide’s Series A, also invested in the new round.Kolide sells a Security-as-a-Service (SaaS) platform that
Publish At:2021-09-16 19:47 | Read:176 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Researchers Create Toolkit for Hardware Security Tests on Apple's Mobile Processors

A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.Using the permanent exploit known as checkm8 as a starting point, the researchers implemented a BootROM toolkit to test Apple’s A10 Fusion system-on-a-chip (SoC)
Publish At:2021-09-16 11:30 | Read:149 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities security

Apple Security Flaw: How do 'Zero-Click' Attacks Work?

Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such "zero-click" attacks work, and can they be stopped? What is a 'zero-click' hack? Spying software has traditionally relied on convincing the targeted person to cli
Publish At:2021-09-14 15:26 | Read:140 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities security

Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole

Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office doc
Publish At:2021-09-14 15:26 | Read:207 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Pegasus Spyware Resurfaces with Newly Discovered Zero-Click Vulnerability

On September 13, The Citizen Lab revealed new research surrounding the Pegasus spyware campaign, presenting their discovery of a zero-click vulnerability targeting Apple devices across the entire endpoint ecosystem. In response to the disclosure, Apple has released security updates for all their devices from mobile to desktop. With Zimperium’s machine learn
Publish At:2021-09-14 13:30 | Read:137 | Comments:0 | Tags:iOS Mobile Security Mobile Threat Defense News ios vulnerabi

Google Warns of Exploited Zero-Days in Chrome Browser

Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.On the same day Apple pushed out iOS and macOS patches to address gaping security holes, Google shipped an advisory of its own to warn of a pair of already-exploited flaws in its desktop Chrome browser.“Google is aware that exploits for CVE-2021-3063
Publish At:2021-09-13 19:46 | Read:216 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Apple on Monday rolled out fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the “actively exploited” zero-day category.As is customary, Apple did not provide any additional details on the live attacks beyond crediting Citizen Lab for one of the discoveries, a major clue the patch covers the FORCEDENTRY zero-c
Publish At:2021-09-13 15:26 | Read:202 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security NEWS & IN

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud