The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.
After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license. Many chipmakers and other technology firms have also said they will cease or at least pause the sharing of software, hardware and services.
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Unified endpoint management exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT and security leaders approach UEM? John Harrington Jr. and Ryan Schwartz of IBM MaaS360 with Watson share insight.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
In a surprise turn of events, Symantec's CEO, Greg Clark, resigned on Thursday, the same day that the company reported that it had missed earnings estimates. The value of the anti-virus company's stock dropped almost 13 percent on Friday.
Typically, organizations see automated or manual attacks - one type or the other. But increasingly cyberattackers are striking with blended attacks, and the growth and impact of these strikes is concerning. Dan Schiappa of Sophos discusses how to improve detection and defense.
A sophisticated nation-state spy network has quietly exploited a backdoor in Microsoft Exchange servers that gave attackers unprecedented access to the emails of at least three targets over five years, security firm ESET warns.
In what may be a case of industrial espionage, Massachusetts-based drug development company Charles River Laboratories has reported a cyberattack involving the copying of client data by an intruder. Why is IP theft a growing worry for the healthcare sector?
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.