The National Security Agency (NSA) has issued an advisory to alert users to reboot their iPhones and Androids. Turning devices off and back on again can help with mobile security and to reduce the instances of cyber threats such as spear phishing and zer0-click exploits. While rebooting doesn’t solve all cyber threats, it is one precaution to take. This and other related advice was first issued in the NSA Telework and Mobile Security Guide which offers other actions to take such as using strong PINs and passwords, keeping software updated, and using 2 step authentication.

According to security researchers at Proofpoint, there has been a surge in online job scams targeting financially vulnerable individuals.  Known as “job scamming,” this new tactic mirrors the existing “pig butchering” fraud model but aims at a broader audience by preying on job seekers looking for remote, flexible work.  The researchers noted that while pig butchering scams typically focus on individuals with significant investment funds, these job scams seek smaller, faster payouts from financially struggling targets.

OnePoint Patient Care (OPPC), an Arizona-based hospice pharmacy that serves over 40,000 patients per day, recently started informing customers about a data breach impacting their personal information.  OPPC detected suspicious activity on its network on August 8, 2024. An investigation revealed a week later that before the cyberattack was detected, the hackers had obtained files containing personal information from OPPC systems. The company noted that the compromised data includes names, residence information, medical records, and information on prescriptions and diagnoses.

Insurance administrator Landmark Admin recently started notifying over 800,000 individuals that their personal information was stolen in a ransomware attack earlier this year.  Landmark discovered the unauthorized access to its systems on May 13, and the attackers regained entry to its network on June 17.

The Pwn2Own Ireland 2024 hacking competition organized by Trend Micro’s Zero Day Initiative (ZDI) has recently ended.  Participants have earned over $1 million for camera, printer, NAS device, smart speaker and smartphone exploits.  ZDI noted that on the first day of the event, white hat hackers earned a total of more than $500,000.

A potential disaster loomed in the Internet's encryption system for years, posing a threat to the security of organizations and individuals. In a collaborative effort, Princeton University researchers have addressed that threat, turning their research into a universal security standard recently adopted by global organizations. By adopting the Princeton standard, certification authorities have agreed to verify each website from multiple points instead of just one.

The "Embargo" ransomware group is a new Ransomware-as-a-Service (RaaS) gang that uses a custom Rust-based toolkit. It includes a variant that disables security processes through the abuse of Windows Safe Mode. The group, which first emerged publicly in May 2024, is suspected to have been behind attacks on the American Radio Relay League and South Carolina police department. This article continues to discuss findings from ESET's latest analysis of the Embargo ransomware group.

A security flaw in the Wi-Fi Test Suite, an integrated platform developed by the Wi-Fi Alliance, enables unauthenticated local attackers to execute arbitrary commands with root privileges on affected routers. The Wi-Fi Test Suite automates Wi-Fi component or device testing. According to the CERT Coordination Center (CERT/CC), an unauthenticated local attacker could exploit the Wi-Fi Test Suite by sending specially crafted packets. This article continues to discuss the discovery of a command injection flaw in the Wi-Fi Test Suite.

Apple has created a "Virtual Research Environment" (VRE) that welcomes the research community to inspect and verify the security of its Private Cloud Compute (PCC) system. The company released source code for some "key components" to help researchers analyze the architecture's privacy and safety features. PCC is a cloud intelligence system designed for complex Artificial Intelligence (AI) processing of data from user devices that does not compromise privacy. This article continues to discuss Apple's VRE created to enable public access to PCC system security testing.

New joint guidance from the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) recommends software manufacturers implement a safe software deployment program to improve product and deployment environment security and quality.