Implementation of security automation can be overwhelming, and has remained a barrier to adoption
Removing the Barriers to Security Automation Implementation
Apple Scraps CSAM Detection Tool for iCloud Photos
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.
Vulnerabilities Allow Researcher to Turn Security Products Into Wipers
SafeBreach Labs security researcher Or Yair discovered several vulnerabilities that allowed him to turn endpoint detection and response (EDR) and antivirus (AV) products into wipers.
WAFs of Several Major Vendors Bypassed With Generic Attack Method
Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors.
Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack
An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports.
Lighting Giant Acuity Brands Discloses Two Data Breaches
Lighting and building management giant Acuity Brands has publicly disclosed two data breaches suffered by the company in recent years, including one that may have involved ransomware.
The Atlanta, Georgia-based firm employs roughly 13,000 people and has operations in North America, Europe and Asia.
TikTok Hit by US Lawsuits Over Child Safety, Security Fears
TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children.
CloudSEK Blames Hack on Another Cybersecurity Company
Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee’s Jira account.
As part of the targeted cyberattack, an unknown party used session cookies for the employee’s Jira account to gain access to various types of internal data.
Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total
On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.
A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.
Apple Adding End-to-End Encryption to iCloud Backup
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app.