Security News > 2024

Kaspersky's researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator through analyzing a log file created on iOS devices. "The sysdiag dump analysis proves to be minimally intrusive and resource-light, relying on system-based artifacts to identify potential iPhone infections. Having received the infection indicator in this log and confirmed the infection using Mobile Verification Toolkit processing of other iOS artifacts, this log now becomes part of a holistic approach to investigating iOS malware infection," said Maher Yamout, Lead Security Researcher at Kaspersky's Global Research and Analysis Team.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for...

In the digital age, the battleground for security professionals is not only evolving, it's expanding at an alarming rate. The upcoming webinar, "The Art of Privilege Escalation - How Hackers...

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO...

In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day with an existing exploit.V8 is an open-source JavaScript and WebAssembly engine developed by the Chromium Project for Chromium and Google Chrome web browsers.

Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "Bombarding" unsuspecting households with marketing messages about home improvements. Poxell, which specializes in energy saving products including double glazing and resin driveways, is being penalized to the tune of £150,000 by the Information Commissioner's Office for making 2.6 million marketing calls between March and July 2022, resulting in 413 complaints to the data regulator.

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The...

Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to cybercrime disruption outfit Netcraft. Some of the stories suggest that judges on entrepreneurial reality shows Shark Tank and Dragons' Den have backed the products.

Not only do human resources and direct managers bear the onus of responsibility when conducting exit conversations, but security teams should also make the necessary preparations for monitoring anomalies in employee behavior and organizational risk - before, during, and after layoffs. As a managed security services provider and incident response professional, I've witnessed first-hand how a well-prepared organization handles layoffs versus an unprepared one, and the repercussions of these events on the latter's cybersecurity posture.

Even though employees go through cybersecurity awareness training, half of organizationd' leaders believe their employees still lack cybersecurity knowledge. Effective cybersecurity awareness training can help employees recognize phishing attacks and social engineering schemes, apply username and password best practices, report security incidents and, ultimately, protect sensitive data and systems and prevent their organization from falling victim to a ransomware attack.