February 2025 – Page 13

Apple Drops iCloud’s Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.
The development was first reported by Bloomberg.
ADP for iCloud is an optional setting that ensures that users’ trusted devices retain sole access to the encryption keys used to unlock data stored in its

Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations

An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.
Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it’s also providing “boutique” solutions in order

Freelance Software Developers in North Korean Malware Crosshairs

ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters.

The post Freelance Software Developers in North Korean Malware Crosshairs appeared first on SecurityWeek.

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. […]

Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand

Apple says can no longer offer end-to-end encrypted cloud backups in the UK and insists it will never build a backdoor or master key.

The post Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand appeared first on SecurityWeek.

Apple pulls iCloud end-to-end encryption feature in the UK

Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers’ encrypted cloud data. […]

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

Cisco Talos observed Chinese hackers team pivoting from a compromised device operated by one telecom to target a device in another telecom.

The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek.

In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked

Noteworthy stories that might have slipped under the radar: Black Basta ransomware chat logs leaked, SEC launches new cyber unit, DOGE website hacked.

The post In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked appeared first on SecurityWeek.

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.

The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.

Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand’s legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
The latest iteration of the phishing suite “represents a significant

Month: February 2025