Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers. The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets - including the phone of a Saudi activist in March, researchers at Citizen Lab said.
Facebook had a problem on its hands. People were making posts that got caught in the company's automated moderation system or were taken down by its human moderators. The problem wasn't that the moderators, human or otherwise, were wrong to take down the posts. No, the problem was that the people behind the posts were famous or noteworthy, and the company didn't want a PR mess on its hands.
Nearly half (46%) of the world's on-premises databases contain known vulnerabilities - most of which are high or critical severity, according to a new five-year study from Imperva. The security vendor scanned 27,000 databases globally over five years and discovered that they contained 26 vulnerabilities each on average. Some 56% of these were ranked in the top two severity categories, meaning they could lead to serious compromise if exploited.
The Matrix[.]org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.