Carly Page

Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered. The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder...

Apple demonstrated “passkeys” at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good. It’s no secret that passwords are insecure, with easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. Passkeys eliminate the...

IBM has announced that it’s acquiring Randori, a Boston-based offensive security startup that combines attack surface management (ASM) with continuous automated red reaming (CART) to help organizations bolster their cyber defenses.  The financial terms of the deal were not disclosed, but Crunchbase data shows that Randori has a valuation in...

Microsoft said on Thursday that it has successfully “identified and disabled” a previously unreported Lebanon-based hacking group that it believes is working with Iranian intelligence.  The hacking group, tracked by the Microsoft Threat Intelligence Center (MSTIC) as “Polonium,” targeted or compromised more than 20 organizations based in Israel and...

Smartphone manufacturing giant Foxconn has confirmed that a ransomware attack in late May disrupted operations at one of its Mexico-based production plants. “It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May,” Jimmy Huang, a Foxconn spokesperson told TechCrunch. “The company’s cybersecurity team...

The Russia-based cybercriminal group known as Evil Corp has shifted to a ransomware-as-a-service model in an effort to skirt U.S. sanctions, according to research from cybersecurity firm Mandiant. The U.S. Treasury’s Office of Foreign Assets Control, or OFAC, sanctioned Evil Corp in December 2019, citing the group’s extensive development...

China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems. The high-severity vulnerability – tracked as CVE-2022-30190 – is being used in attacks to execute malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT) when opening or previewing specially...

A group of more than 40 Democratic members of Congress has urged Google to stop collecting and retaining “unnecessary” location data over fears it could be used to identify people seeking abortions. The letter was sent to Sundar Pichai, chief executive of Google’s parent company Alphabet, ahead of the anticipated...

Dig, a Tel Aviv-based cloud data security startup, has emerged from stealth with an $11 million investment to help organizations protect data stored in public cloud environments. It’s no secret that data is often the ultimate target for some cybercriminals, yet so many organizations don’t have visibility, context or...

The Lapsus$ hacking group has claimed another victim: U.S. telecom giant T-Mobile. T-Mobile’s latest security incident — the seventh data breach in the past four years — was first revealed by security journalist Brian Krebs, who obtained a week’s worth of private chat messages between the core members of...