A sophisticated cyber-espionage campaign using spyware called Mandrake has been targeting Android users for at least four years, according to security firm Bitdefender. The malware has the ability steal a range of data, including SMS authentication messages from banks.
Australia's Parliament passed a new law on Thursday to deal with a range of legal and privacy concerns arising from its quickly developed contact-tracing app, COVIDSafe. Misusing data and other offenses could garner a five-year prison sentence.
DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
Microsoft addressed vulnerabilities in a dozen of its software products in its Patch Tuesday update for May. And while none of the flaws are currently being exploited, several of the most critical flaws require immediate attention, the company says.
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?
Google and Apple on Monday released privacy and security guidelines for their jointly developed contact-tracing infrastructure. The companies note that apps developed using their APIs can only be developed by or for public health authorities - and solely to collect information to trace COVID-19 infections.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
As Google and Apple prepare to offer a jointly developed infrastructure for contact-tracing smartphone apps to help fight the COVID-19 pandemic, the Electronic Frontier Foundation, a privacy advocacy group, is raising concerns about the risks involved.
Over the past five years, a sophisticated spyware campaign has been targeting Android users through Trojan-laced apps in the Google Play store that are disguised as various plugins, browser cleaners and application updaters, according to Kaspersky researchers.
Less than 24 hours after the Australian government released its COVID-19 contact-tracing app Sunday, nearly 2 million people had downloaded it. As security and privacy experts review the app, one outstanding question is if the public will trust it enough to reach the public health target of 10 million users.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.
CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw. Attackers are now using stolen Active Directory credentials to access networks.
With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. Security experts offer tips on mitigating the risks involved.