Law enforcement agencies use forensics tools from Israeli company Cellebrite to gain access to locked mobile devices and extract data. But the creator of encrypted messaging app Signal says he's found vulnerabilities in Cellebrite's tools, raising questions about whether the extracted data can be trusted.
A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
IoT device manufacturer Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack.
Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones.
The latest edition of the ISMG Security Report features an analysis of recent “tell-all” interviews with members of ransomware gangs. Also featured: insights on securing IoT devices and mitigating insider threat risks.
What's that IoT device on your network? A lot of organizations may not know. That's why Gartner analyst Tim Zimmerman says enterprises need to create IoT security policies and governance rules to reduce risk.
Canadian IoT device manufacturer Sierra Wireless reported Tuesday it had suffered a ransomware attack over the weekend, forcing it to halt production. The attack has disrupted its website and some internal operations.
A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with criminal hacking by a U.S. federal grand jury and accused of illegally accessing and leaking data from numerous organizations, apparently including Intel, Nissan and the U.S. National Reconnaissance Office.
U.S. authorities have extended the crackdown on the Sky ECC cryptophone service by charging the CEO of parent company Sky Global and its alleged main distributor - both Canadians - with running an "illicit secret communications network" for criminals and hiding profits via shell companies and cryptocurrency.
Tales of poorly secured internet-connected cameras come along regularly. But the latest installment seems especially egregious because it involves Verkada, a widely used "surveillance camera as a service" startup, and led to remote hackers being able to spy on customers via their own cameras.
Police say they have disrupted Sky ECC - a global encrypted communications network allegedly used by numerous criminals to plan their operations - and made numerous arrests. Authorities say starting in February, they "unlocked" 3 million messages exchanged daily by the service's 170,000 users.
The "Arson Cats" research group says it was able to exploit flaws in internet-accessible security cameras built by Silicon Valley "cloud-based enterprise video security" startup Verkada to access live video and audio feeds from inside Tesla, Okta and Cloudflare offices, plus healthcare facilities and prisons.
This multinational pharmaceutical
company’s supply chain was distributed
across multiple manufacturing plants
and countries. While it had a good
understanding of the number of OT devices
on its networks, it wasn’t able to clearly
see how assets were communicating and
where vulnerabilities and risks...
In the new world of increased cyber risk, approaches that bridge the
IT/OT divide are no longer optional – they’re mission critical. Executive
leadership expects CIOs and CISOs to anticipate and stay ahead of the
enterprise-wide threat landscape, including oversight of cyber risks
related to industrial...