This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to The Citizen Lab, a research organization based at the University of Toronto.
Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.
Ex-CISA Director Christopher Krebs revealed in a "60 Minutes" interview what made officials confident that the election results were accurate: paper ballots. Krebs didn't mention President Trump by name, but refuted claims by his administration and personal lawyer, Rudy Giuliani, that the election was fraudulent.
The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favor of ransomware attacks. Also featured: Defending against deep fakes; supporting a dispersed workforce.
Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.
Officials with the Baltimore County Public Schools are investigating a ransomware attack that disrupted virtual learning for students this week. Now, the district has been forced to call-off its virtual classes until next Monday.
India's urban cooperative banks need to take a holistic approach to build a security governance structure, opt for an ASP services model and map their business-critical risks to comply with the RBI's security posture guidelines, according to a panel of experts.
Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.
IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.
Adopting a "security by design" approach and weaving it into the digital transformation road map helps organizations defend against cyberthreats, says Reem AlShammari, CISO at Kuwait Oil Co., who also advocates threat information sharing.
The U.S. Senate on Tuesday unanimously passed federal IoT security legislation that will require the government to only procure devices that meet minimum cybersecurity requirements. The bill now moves to President Donald Trump's desk.