U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
In a surprise turn of events, Symantec's CEO, Greg Clark, resigned on Thursday, the same day that the company reported that it had missed earnings estimates. The value of the anti-virus company's stock dropped almost 13 percent on Friday.
Typically, organizations see automated or manual attacks - one type or the other. But increasingly cyberattackers are striking with blended attacks, and the growth and impact of these strikes is concerning. Dan Schiappa of Sophos discusses how to improve detection and defense.
A sophisticated nation-state spy network has quietly exploited a backdoor in Microsoft Exchange servers that gave attackers unprecedented access to the emails of at least three targets over five years, security firm ESET warns.
The government of India has created a Defense Cyber Agency that's designed to help in the battle against hackers and has appointed a chief. But does the creation of this agency represent a meaningful strategic initiative or a narrower tactical effort?
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy. The report comes as Huawei continues to face concerns over its engineering practices and government ties.
An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet.
The Reserve Bank of India is proposing that financial technology firms be allowed to test new products and services that might require the relaxation of certain compliance regulations in what's called a "regulatory sandbox" approach.
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.