The latest cyber security and data privacy news that matters
- Krebs on Security
- Dark Reading:
Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or "Blazefire." What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.
A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing "enormous expenses" from notifying affected consumers and the loss of its four largest customers.
Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There's also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And of course Adobe has its customary monthly security update for Flash Player.
Researchers have found samples of malware that targets a recently-disclosed, unpatched MacOS vulnerability.
A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice.
An attempt by Facebook to block a lawsuit, regarding a massive 2018 data breach, has been shot down.
Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services.
A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals.
PersonalVault locks down files with MFA and encryption.