There are some general principles for dealing with vulnerabilities that can be used to help guide security thinking and decision-making. First, it is always important to understand what we are protecting as this has implications for the actions we need to take. For example, if our artifact is a web...

Notice on the removal of the list of apps that infringe on user rights. Since this year, our Ministry has continued to promote special rectification actions for apps that infringe on user rights, intensified regular inspections, and organized three "look-backs" on key issues that users have strongly complained about. On November 3, our department…

Apple notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unidentified attacker using a security code developed by the controversial Israeli company NSO, Reuters and the Washington Post reported. Grou…

Between August and November 2021, four different Android Trojans spread through the official Google Play Store, resulting in the infection of more than 300,000 apps disguised as seemingly...

Panasonic recently discovered that it had suffered a data breach that allowed attackers to access its file servers and steal data, the company announced late last week. The technology company said its network was breached on November 11, 2021, with "some...

Zero Trust is the latest buzzword being thrown around by security vendors, consultants and policymakers as a panacea to all cybersecurity problems, and some 42% global organizations say they already have plans to adopt Zero Trust. The Biden administration also outlined federal network and systems acquisition...

Israel's Defense Ministry has sharply restricted the number of countries to which its cybersecurity companies can sell offensive hacking and surveillance tools, with 65 countries removed from the export list. Details of the revised list were first reported by Israeli business newspaper Calcalist…

Research found that the attackers used a previously undocumented JavaScript malware that served as a loader to distribute a series of remote access Trojans (RATs) and information-stealing programs. HP Threat Research reports this new evasion...

Under new cybersecurity incident notification rules, U.S. banks will be required to notify federal regulators within 36 hours of discovering any cybersecurity incident. The rule takes effect on April 1, 2022, but enforcement will not begin until May 1…

Combining Cymru Team's threat intelligence and threat hunting capabilities with Amplicy's Internet asset discovery and vulnerability management will give enterprise defenders a complete view of their organization's cyber risks. The Cymru team received an undisclosed amount from…