Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform.This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year.“Apple is aware of reports that an exploit for this issue exists in t

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.Over two decades old, TLS 1.0 h

Over the last few months, the Zimperium zLabs team has been actively monitoring the rise in phishing attacks and some new data started to stand out. While phishing has predominantly been device-agnostic, meaning it did not rely on or change based on the operating system or device type, a trend began to emerge showing an increase in mobile-specific phishing

Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese smartphone brands after an investigation identified security vulnerabilities and censorship concerns with certain devices.Lithuania’s National Cyber Security Center said it found four major cybersecurity risks for devices made by Huawei and Xiaomi, inc

The auto industry reached an important milestone in 2020: more than half of the cars sold globally included internet connectivity as a standard feature. Modern vehicles have started to resemble mobile supercomputers, with each one containing millions of lines of code and able to process vast amounts of data. They’ve also begun integrating with mobile

Security researchers at Cisco Talos have identified a new backdoor that Russian cyberespionage group Turla is believed to have been using in attacks since last year.Likely a second-chance backdoor, the malware is simple but capable of maintaining a prolonged stealthy presence on infected machines. Turla used the backdoor in attacks on targets in the United S

Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.The iOS 15 makeover also includes patches for at least 22 documented security vulnerabilities, some serious enough to expose iPhone and iPad users to remote denial-

Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open sourc

Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.The funding round was led by Boston-based venture capital OpenView Partners. Matrix Partners, who led Kolide’s Series A, also invested in the new round.Kolide sells a Security-as-a-Service (SaaS) platform that

A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.Using the permanent exploit known as checkm8 as a starting point, the researchers implemented a BootROM toolkit to test Apple’s A10 Fusion system-on-a-chip (SoC)

Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such "zero-click" attacks work, and can they be stopped? What is a 'zero-click' hack? Spying software has traditionally relied on convincing the targeted person to cli

Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office doc

On September 13, The Citizen Lab revealed new research surrounding the Pegasus spyware campaign, presenting their discovery of a zero-click vulnerability targeting Apple devices across the entire endpoint ecosystem. In response to the disclosure, Apple has released security updates for all their devices from mobile to desktop. With Zimperium’s machine learn

Google has joined the list of major software providers scrambling to respond to zero-day exploits in the wild.On the same day Apple pushed out iOS and macOS patches to address gaping security holes, Google shipped an advisory of its own to warn of a pair of already-exploited flaws in its desktop Chrome browser.“Google is aware that exploits for CVE-2021-3063

Apple on Monday rolled out fixes for a pair of iOS and macOS security defects alongside a warning that these issues belong in the “actively exploited” zero-day category.As is customary, Apple did not provide any additional details on the live attacks beyond crediting Citizen Lab for one of the discoveries, a major clue the patch covers the FORCEDENTRY zero-c