
Security

Rogue ‘legal’ hacker tried to sell iPhone malware for $50 million

posted on July 6, 2018
by l33tdawg

Nearly two years ago, security researchers unearthed what was, at the time, arguably the most advanced piece of mobile hacking software the world had ever seen. The tool in question was called Pegasus and was the brainchild of an Israeli-based security company called the NSO Group. As is often the case, the NSO Group’s business model rests on creating sophisticated software-based exploits and selling them to intelligence agencies and foreign governments.

New York Cops Are Hacking iPhones With Secretive $15,000 GrayKey

posted on July 5, 2018
by l33tdawg

With its promise to unlock the latest Apple iPhone models, the Grayshift GrayKey has been increasingly popular across local and federal police forces. From the FBI and the Coast Guard to the IRS, U.S. government divisions have become big fans of the hacking box, which hooks up to iPhones via the Lightning port before attempting to find device passcodes.

Hackers can hijack data over LTE using 'aLTEr' attack

posted on July 5, 2018
by l33tdawg

Hackers could hijack your browsing session and snoop on the websites you visit over an LTE connection using an attack called aLTEr.

According to university researchers, the attack technique abuses the second layer of LTE connectivity, called the data link layer, which is normally designed to protect data going across LTE with encryption, as well as organising how resources are accessed on the network and correcting transmission errors. But aLTEr has been designed to redirect network requests and hijack browsing sessions through DNS spoofing.

7 Questions for Evaluating your Security Posture against Insider Threats

posted on July 5, 2018
by l33tdawg

Insider threats top the list of the most dangerous cyber risks for organizations worldwide. It doesn’t take much effort for insiders to steal your sensitive data, while such activities are hard to discover and impossible to prevent.

Unfortunately, lack of visibility into user behavior is one of the key reasons why companies suffer from data breaches that involve either human negligence or malicious intent.

The DOD’s App Store Does This One Crucial Thing to Stay Secure

posted on July 4, 2018
by l33tdawg

Every day, companies like Google and Apple wage a constant battle to keep malicious apps out of their marketplaces and off people's phones. And while they do catch a lot of malware before it does any damage, there are always a few nasty infiltrators that manage to sneak by and end up getting downloaded by thousands of consumers. No one wants these mistakes to happen, but when you're a crucial app store for the Department of Defense, these mistakes can't happen.

Researcher expresses concerns over iOS 12’s new security code auto-fill feature

posted on July 3, 2018
by l33tdawg

With iOS 12 and macOS Mojave, Apple has introduced a new security code auto-fill feature that makes two-factor authentication codes sent via SMS easier to manage. A security researcher, however, has published a new piece detailing some potential fraud concerns with the feature.

In our initial coverage of the feature, we noted that SMS two-factor isn’t the most secure form of two-factor authentication. Now, Andreas Gutmann, a researcher at OneSpan’s Cambridge Innovation Centre, dives deeper into the security concerns that come with Apple’s new auto-fill feature.

Cybersecurity Is Everyone’s Job

posted on July 3, 2018
by l33tdawg

As we all know by now, the human factor is crucial to enterprise security. Cyber attacks routinely exploit vulnerable human behaviors to gain entry, since organizations must trust their own people—or at least some of them—with access to critical systems.

Humans make decisions on risk tradeoffs, funding for security programs, adherence to policies, and hiring, factors which impact the organization’s security posture in many ways. From the newest intern to the chief executive, all members hold the power to harm, or to help, the security of sensitive data and essential systems.

4G is vulnerable to same types of attacks as 3G, researchers say

posted on July 3, 2018
by l33tdawg

The 4G wireless telecommunications protocol is vulnerable to the same types of remote exploitation as its 3G predecessor, new research emphasizes.

As with the flaw-ridden protocol underlying 3G, the 4G protocol is susceptible to attacks that disclose mobile users’ information or impose a denial of service, according to a report from mobile-security company Positive Technologies.

Adidas Says 'Unauthorised Party' Maybe Got Millions of Logins, Reminds Us to Never, Ever Reuse Passwords

posted on July 3, 2018
by l33tdawg

On Thursday, Adidas revealed a “potential data security incident” that possibly left the contact and login info of millions of Adidas customers in the hands of an “unauthorised party.” As many as “a few million” customers who used the Adidas US website may have been affected by a breach, the Wall Street Journal reports.

Adidas stated it became aware of a possible data breach on 26 June, and “is working with leading data security firms and law enforcement authorities to investigate the issue.”