Pwn2Own Offers $100,000 for Home Office Hacking Scenario
The next Pwn2Own will take place December 6-8, 2022, at ZDI’s office in Toronto, Canada. The registration deadline is December 2. The event will not take place alongside a conference so ZDI has decided to reimburse $3,000 for travel expenses to encourage hackers to participate in person. Bug bounty hunters can also compete remotely, with…
New Open Source Tool Shows Code Injected Into Websites by In-App Browsers
Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks. Researcher Felix Krause published a blog post earlier this month claiming that…
TalonWork Mobile empowers organizations to safeguard enterprise assets
Talon Cyber Security introduced TalonWork Mobile, a version of its TalonWork browser made specifically for mobile endpoints. With TalonWork Mobile, customers can extend secure access and control to the mobile endpoints that are used to connect to corporate resources and data, yet are historically unmanaged by organizations. Talon is the first secure enterprise browser provider…
Apple Debuts Spyware Protection for State-Sponsored Cyberattacks
Apple today announced a new feature called Lockdown Mode that automatically locks down any system functionality that could be hijacked by even the most sophisticated, state-sponsored mercenary spyware to compromise a user device. While Apple acknowledged in its statement announcing the initiative that the number of users who might need Lockdown Mode is small, protecting…
API Security Losses Total Billions, But It’s Complicated
US companies face a combined $12 billion to $23 billion in losses in 2022 from compromises linked to Web application programming interfaces (APIs), which have proliferated with the increased adoption of cloud services and DevOps-style development methodologies, according to an analysis of breach data. In the last decade, API security has grown to become a…
Apple Announces New Security Update Feature in iOS 16, macOS Ventura
The new feature, named Rapid Security Response, will become available in the upcoming iOS 16 and macOS Ventura, both scheduled for release in late 2022. According to Apple, important security updates will be delivered to iPhones and Macs in between standard software updates. In addition, they can be applied automatically and they do not require…
Microsoft Finds Major Security Flaws in Pre-Installed Android Apps
According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers. “Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could…
Apple Patches iOS HomeKit Flaw After Researcher Warning
The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names. The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it…
ZeroFox to Go Public in $1.4 Billion SPAC Deal
ZeroFox provides an AI-powered platform that protects users and brands from social media-sourced threats. The platform analyzes millions of pieces of publicly-accessible content in platforms such as Microsoft 365, G Suite, LinkedIn, Facebook, Slack, Instagram, and Apple and Google mobile app stores — looking for potential threats such as account compromise, fraudulent profiles, business email…
Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware
Citizen Lab teamed up with the threat-intel team at Facebook parent company Meta to expose Cytrox alongside a handful of PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry. In a detailed technical report published late Thursday, Citizen Lab said Cytrox is responsible for a piece of iPhone eavesdropping malware that was planted on…
