Security News

Cybercrime duo accused of picking $2.5M from Apple's orchard
2024-02-08 14:00

While Apple isn't explicitly named in the recently unsealed court papers, it's not difficult to deduce that the identity of "Company A," as written in the indictment, is the consumer tech megacorp. Looking deeper into the case background, it's also revealed that one of the defendants redeemed one of the stolen gift cards to their personal app store account, where they purchased Final Cut Pro - software developed by Apple that only runs on Apple hardware.

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
2024-02-08 13:05

The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five...

Akira, LockBit actively searching for vulnerable Cisco ASA devices
2024-02-08 12:22

Akira and LockBit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. "But the problem is nobody has complete visibility of what exploits actually exist," he added, and advised admins to upgrade to the latest ASA release on all devices that have the AnyConnect SSL VPN feature enabled on the device's interface.

On Software Liabilities
2024-02-08 12:00

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: "Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor." Section 2 canvasses the different fields of law that could provide a starting point for what would have to be legislative action establishing a system of software liability.

Google teases a new modern look for sign-in pages, including Gmail
2024-02-08 11:33

Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover. BleepingComputer spotted a new pop-up message hinting, "A new look is coming soon. Google is improving its sign-in page with a more modern look and feel." We noticed the pop-up when signing into the Gmail account.

Unified Identity – look for the meaning behind the hype!
2024-02-08 10:39

If you've listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And...

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods
2024-02-08 10:28

The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver...

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore
2024-02-08 10:17

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive...

Rust can help make software secure – but it's no cure-all
2024-02-08 07:28

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won't fix everything.

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
2024-02-08 06:53

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH,...