Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great. Author: Becky Bracken, Senior Editor, Dark Reading
Author Archives: Onsite Computing, Inc.
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor’s cloud environment was breached three years ago. […] Author: Sergiu Gatlan
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. […] Author: Sergiu Gatlan
Ransomware gangs like BianLian and Rhysida increasingly use Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. […] Author: Bill Toulas
Operational technology (OT) infrastructure is facing an unprecedented wave of cyberattacks, with a reported 73% surge in incidents, according to the Fortinet 2024 State of Operational Technology and Cybersecurity Report. OT organizations responsible for critical infrastructure and industrial processes often find themselves in the crosshairs of increasingly sophisticated threat actors. However, there’s a silver lining. […]
It is imperative to develop robust policies for new tech and future-proofing by favoring investments in security. Author: Sébastien Cano
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. […] Author: Bill Toulas
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). “Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC),” David Adrian, David Benjamin, Bob Beck, and Devon […]
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. “The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines […]
A recently patched Windows MSHTML (Trident) Platform Spoofing Vulnerability had been exploited as a zero-day since before July 2024, in conjunction with another MSHTML spoofing bug, according to Microsoft. Fixed in this month’s Patch Tuesday update, CVE-2024-43461 is a critical (CVSS 8.8/10) user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a […]
