iPhones have been compromised by the NSO Group’s Pegasus spyware. Should you be worried? That depends on who you ask. Image: James Martin/CNET The iPhone has always been lauded for its tight security and privacy controls, especially compared with Android devices. But that reputation took a hit this week with the revelation that a spyware program ostensibly used to hack into the phones of criminals and terrorists was abused by certain authoritarian governments to compromise…

When it comes to spotting and defeating today’s advanced cyberattacks, the predominant kill chains used in security products clearly aren’t up to the task. New attacks occur every day, and they are increasingly creative and complex. For example, the SolarWinds hack targeted a user’s email, then used that ID to navigate the company’s network, and then installed malware in the outbound software update server that gave the hackers access to every SolarWinds customer’s network. Kill…

Scoped tokens are here 💪! Scopes give you more fine grained control over what access your tokens have to your content and other public content on Docker Hub!  It’s been a while since we first introduced tokens into Docker Hub (back in 2019!) and we are now excited to say that we have added the ability for accounts on a Pro or Team plan to apply scopes to their Personal Access Tokens (PATs) as a…

  As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s…

We are celebrating two important milestones this month in our partnership with Google Cloud. First, VMware jointly launched Google Cloud VMware Engine with Google Cloud one year ago. Second, I am honored to announce that Google Cloud announced today that VMware has won the “2020 Google Cloud Technology Partner of the Year – Infrastructure Modernization” award, resulting from our collective achievement on Google Cloud VMware Engine. This past year has been an incredible journey it has…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending…