By combining two exploits initially developed for jailbreaking iPhones, security researchers claim they can also jailbreak Macs and MacBook devices that include Apple’s latest line of T2 security chips. While exploitation is still pretty complex, the technique of combining the two exploits has been mentioned on Twitter and Reddit over the past few weeks, having been tested and confirmed by several of today’s top Apple security and jailbreaking experts. If exploited correctly, this jailbreaking technique allows users/attackers to gain full control over their devices to modify core OS behavior or be used to retrieve sensitive or encrypted data, and even plant malware.…
ISBuzz Team
It was reported today that, according to a freedom of information response, more than £14m has been spent on upgrading Wi-Fi and video equipment across the criminal court estate since 2016 under the HM Courts & Tribunals Service reform program. Yet despite this investment, Windows XP, Microsoft’s obsolete operating system, which is not being updated with security patches, is still in use in the criminal court estate.
Research (from Juniper Threats Labs) on a New Pastebin-like service used in multiple malware campaigns identified several malware campaigns that rely on a Pastebin-like service for its infection chain (paste.nrecom.net). Attacks start as a phishing email and, when successful, download the next stage of the malware from paste.nrecom.net and load it into memory without writing to disk. The threat actors are using two techniques that make it harder for organizations to defend against their attacks: a) the use of encryption to download malicious payload – many organizations either do not have the means to decrypt traffic to inspect its content or…
Only 1 in 4 Global Organizations Keep Cardholder Payment Data Secure Verizon Business 2020 Payment Security Report (PSR) cites lack of long term security strategies by business leaders behind 3rd-year decline in payment security compliance Key findings include: Only 27.9 percent of global organizations were able to maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS) Staggering 27.5 percentage point drop in compliance since 2016 as reported in the 2017 PSR Lack of long term strategies and leadership commitment cited as the root cause 10th-anniversary edition of the Verizon Business Payment Security Report BASKING RIDGE, N.J. Global organizations…
A US healthcare company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments, and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. The attack on eResearchTechnology, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients…
In response to news of a ransomware attack on eResearch Technologies, a company whose clinical trials software is widely used in clinical trials, including in AstraZeneca’s Covid-19 vaccine trial and in Bristol Myers Squibb in a multi-company initiative to develop rapid COVID-19 testing, experts offer perspective.
Apple is suing a company in Canada it claims resold more than 100,000 devices it sent to be recycled, according to BBC News. The technology giant sent more than 500,000 old iPhones, Watches and iPads to Geep Canada from 2015 to 2017. But after carrying out an audit in 2018, it discovered 18% of them were still accessing the internet, it says. Apple filed the legal paperwork for this suit in January, but it has only recently been made public. “Products sent for recycling are no longer adequate to sell to consumers,” Apple said, “And if they are rebuilt with counterfeit…
As reported by Infosecurity, the United Nations agency for international shipping came under cyber-attack at the end of last week, forcing a number of services offline, it has emerged. Headquartered in London, the International Maritime Organization (IMO) is responsible for the regulation, safety and security of global shipping. However, it revealed in a tweet last Wednesday that its website was “undergoing some technical issues.” It admitted a day later that these had actually been caused by malicious actors. In a longer announcement on Friday recapping the incident, the IMO said its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its…
In relation to the news that a Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks, please find commentary on this below.
A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. The attack on eResearchTechnology, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers…