Physical Security | News, how-tos, features, reviews, and videos
The classified document leak: let’s talk about Jack Teixeira’s need-to-know
The release of classified documents by a US Air National Guardsman highlights how important it is for CISOs to consider who should have access to sensitive data and why.
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Spyware vendors use a combination of zero-day exploits and known vulnerabilities. Google TAG researchers urge faster patching of mobile devices.
Biden administration seeks to tamp down the spyware market with a new ban
The Biden administration issued an executive order to outlaw the federal government's use of commercial foreign spyware, with some caveats.
France bans TikTok, all social media apps from government devices
French government says TikTok and all other “recreational apps” pose data security risks if installed on government and senior official devices.
Surge of swatting attacks targets corporate executives and board members
Swatters use data brokers and stolen information on the dark web to target C-suite and board members. Removing personal information from the web is the best way to minimize this risk.
What CISOs need to know about the renewal of FISA Section 702
Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?
US Maritime Administrator to study port crane cybersecurity concerns
Recently passed legislation might have been spurred by supply chain disruption and surveillance concerns enabled by Chinese-made cranes.
If governments are banning TikTok, why is it still on your corporate devices?
When lawmakers and higher education take steps to prevent official users from accessing the popular video-sharing app on their devices, corporations should sit up and take notice.
When blaming the user for a security breach is unfair – or just wrong
Training non-tech-savvy users to recognize phishing and other credential-based attacks is essential, but expecting employees to man the front lines against intrusions is a mistake, experts say. Harmony between staff psychology and...
Stuxnet explained: The first known cyberweapon
Thanks to Stuxnet, we now live in a world where code can destroy machinery and stop (or start) a war.
Chinese cyber espionage campaign targeted Australia, South China Sea energy sector, says study
The campaign was aimed at Australian governmental agencies and media companies, and at maintainers of wind turbines in the South China Sea.
Spyware infections continue as the U.S. federal government takes notice
As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.
NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund
The failed sale of NSO Group to L3Harris raises concerns about who will own its surveillance technology, while Apple takes steps to hold surveillance firms accountable.
Cybersecurity researchers face real-life threats
Investigations into both cybercriminal and nation-state actors can have consequences. Some researchers have upgraded their physical security.
Germany's BSI warns against Kaspersky AV over spying concerns
The warning renews global concerns about using Russian-made software as the country continues its assault on Ukraine.
Are Ukraine’s drone capabilities being throttled in Russia-Ukraine conflict?
Chinese drone producer DJI Global is accused of limiting capabilities of its AeroScope technology for the Ukrainian army, giving an air reconnaissance edge to Russian invaders.
CISOs, beware of spyware tools for illicit competitive intelligence
Two recent court cases expose the capabilities of publicly available spyware and how businesses and governments use it for malicious purposes.
Apple AirTag and other tagging devices add to CISO worries
Tagging devices such as Apple's AirTag can be misused by employees, criminals, and competitors to track people and devices in a way that puts organizations at risk.