No wonder Google is having trouble keeping up with policing its app store. Since Monday, researchers have reported that hundreds of Android apps and Chrome extensions with millions of installs from the company’s official marketplaces have included functions for snooping on user files, manipulating the contents of clipboards, and injecting deliberately unknown code into webpages.

Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.

Ars chats with law philosopher Scott Shapiro about his new book, Fancy Bear Goes Phishing. Turing himself showed that perfect cybersecurity is impossible through the proof that he gave. It's easy to extend the proof just to see that among the problems that cannot be solved are finding bugs in computer programs.

Overall, Android devices have earned a decidedly mixed reputation for security. While the OS itself and Google's Pixels have stood up over the years against software exploits, the never-ending flow of malicious apps in Google Play and vulnerable devices from some third-party manufacturers have tarnished its image.

The Snake network has been detected in more than 50 countries, including Australia.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices. Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware.

A market-leading garage door controller is so riddled with severe security and privacy vulnerabilities that the researcher who discovered them, Sam Sabetan, is advising anyone using one to immediately disconnect it until they are fixed.

If you need another reminder to be careful when downloading new apps for your devices, a new batch of malicious apps has been discovered stealing both data and money from unsuspecting users. As reported by Laptop Mag(opens in new tab), these 203 malicious iOS and Android apps were first discovered by Thailand’s Ministry of Digital Economy and Society (DES) and the UK’s National Cyber Security Centre (NCSC).

In an era of quantum computing "arms race", it is time to transition to quantum-safe systems.

We’re changing some of our security practices. Here is what you need to know to ensure a smooth transition.

Nearly two-and-a-half years after the Trump administration threatened to ban TikTok in the United States if it didn't divest from its Chinese owners, the Biden administration is now doing the same.

A popular ransomware operator claims to have compromised Ring, the Amazon-owned company that builds smart doorbells with cameras. A new report on Vice’s Motherboard states that the group known as ALPHV, popular for its use of the BlackCat encryptor malware, added a new entry to its leak site, next to which is Ring’s logo.

It has become clear that there is little clarity in the law about the obligations an employer owes to its current and former employees

A device’s built-in security is often enough, but stay on top of updates, passwords

The White House on Thursday released an ambitious national cybersecurity strategy that calls for new federal regulation of vulnerable critical infrastructure firms and for software makers to be held liable when their products leave gaping holes for hackers to exploit.

The social media site says that a phishing incident led to the theft of company data but that user data is safe. Reddit says that it was hacked earlier this month, in a security incident that compromised some company data. However, the company says that Redditors have no need to fear because user data was not impacted by the episode—at least, that the company knows of...“so far.”

Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack. A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that on February 5 the company became aware of the “sophisticated” attack targeting Reddit employees. He says that an as-yet-unidentified attacker sent “plausible-sounding prompts,” which redirected employees to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication tokens.

Finally end-to-end encryption comes to iCloud. The system can be a bit buggy, but promises a substantial security upgrade. The cloud has always been a convenient place to store your files, but a hostile place for security. With your files backed up on a company’s servers somewhere, they are at risk to demands from authorities to access them, or hackers that may break into the company’s infrastructure.

A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server.