Search Results for “CRN”

October 14, 2019
Julia Kollewe / The Guardian

Julia Kollewe / The Guardian  
Thoma Bravo to Buy Sophos for $3.9 Billion Marking First Big Buy Outside U.S. for Increasingly Cybersecurity-Focused Private Equity Group

UK cybersecurity firm Sophos agreed to be bought by a US private equity group Thoma Bravo for $3.9bn (£3.1bn), marking the first acquisition outside the U.S. for the increasingly cybersecurity-focused buyout group. Thoma Bravo said it would carry out a six-month review of the business but indicated that a significant restructuring and material job losses were unlikely.

Related: ZDNet Security, City A.M. – Technology,, Computer Business Review, Help Net SecurityThe RegisterCRN, Sophos, ComputerWeekly: IT security, MSSP Alert, Bloomberg Technology, – Software Industry News, Evening Standard, SecurityWeek,, Cyberscoop, TechCrunch, Channel News Asia


ZDNet Security: Thoma Bravo to buy Sophos for $3.9 billion
City A.M. – Technology: Sophos shares jump as private equity group secures buyout Private Equity Firm Thoma Bravo Acquires UK’s Sophos For $3.8B
City A.M. – Technology: Sophos shares jump as private equity group secures buyout
Computer Business Review: UK’s Sophos Sold for £3.1 Billion Cash
Help Net Security: Thoma Bravo to acquire Sophos for $3.9 billion
The Register: Private equity to gobble up Brit virus blocker Sophos for £3bn
Independent : Cyber security firm Sophos latest British company snapped up by foreign buyers –
CRN: Thoma Bravo In Talks To Buy All Of McAfee From TPG, Intel: Report
Sophos: Thoma Bravo Makes Offer to Acquire Sophos
ComputerWeekly: IT security: Researchers reveal the cyber campaign that built China’s new airliner
MSSP Alert: Sophos Acquired By Private Equity
Bloomberg Technology: Sophos Becomes Latest U.K. Tech Target in $3.8 Billion Deal – Bloomberg – Software Industry News: Sophos shares soar 37% after $3.8 billion offer from U.S. buyout group
Evening Standard: Tech duo pocket £460 million as US swoop on FTSE software giant Sophos
SecurityWeek: Thoma Bravo to Acquire Sophos for $3.9 Billion Thoma Bravo to Buy Sophos for $3.9 Billion
Cyberscoop : Thoma Bravo spends $3.8 billion on Sophos in private equity’s latest cyber deal
TechCrunch: Thoma Bravo makes $3.9 billion offer to acquire security firm Sophos
Channel News Asia: Buyout firm Thoma Bravo adds Sophos to its cybersecurity chest with US$3.8 billion deal

@lehtior2: Thoma Bravo offers to buy Sophos at $3,9M EV. FY19 EV/R 5,6x, EV/EBITDA 44,1x. Premium of 37.1% to last closing price. Interestingly, last winter Thoma Bravo was rumored to be in talks for McAfee Seems they settled on Sophos instead

July 20, 2019
Kevin McLaughlin / The Information

Kevin McLaughlin / The Information  
Cisco Systems in Talks to Buy Web Application Cybersecurity Startup Signal Sciences, Sources

In the latest sign of  Cisco System’s interest in the cybersecurity sector, the tech giant is in talks to buy cybersecurity startup Signal Sciences, which develops software that protects applications running in private data centers and on cloud providers from attacks, according to several people familiar with the talks. The five-year-old Signal Sciences has raised $61.7 million so far and counts among its customers Adobe, WeWork, Etsy, and Yelp. It has raised $61.7 million in four rounds, The deal could help Cisco compete more effectively against rivals Palo Alto Networks and Fortinet while also helping its push into subscription services and recurring revenue streams.

August 27, 2019
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Cybersecurity Firm Imperva Experienced ‘Security Incident’ Impacting Customers of Cloud Web Application Firewall Formerly Known as Incapsula

Cybersecurity and DDoS mitigation firm Imperva disclosed today an August 20th security incident that impacts a subset of customers of its cloud web application firewall (WAF), formerly known as Incapsula.  Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers the company had registered up until September 15, 2017, while for a smaller number of users, API keys and customer-provided SSL certificates were also exposed. Imperva has begun a forensic investigation, is notifying customers and has alerted relevant regulatory agencies.

Related: Threatpost, CRN, SecurityWeek,, Krebs on Security, Glock Takes Stock, Computer Business Review, Imperva Cyber Security Blog, The Hacker News, Cyberscoop, CRN , GBHackers On SecuritySC Magazine, TechNadu, DataBreaches.netHelp Net Security, Infosecurity Magazine

Tweets:@campuscodi @ericgeller @unix_root

Threatpost: Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
CRN: Imperva Breach Exposed API Keys, SSL Certs For Some Firewall Users
SecurityWeek: Imperva Notifies Cloud WAF Customers of Security Incident Cybersecurity Firm Suffers Security Breach, Client Info Exposed
Krebs on Security: Cybersecurity Firm Imperva Discloses Breach
Glock Takes Stock: Cybersecurity Firm Imperva Discloses Breach
Computer Business Review: Imperva Hacked: Customer API Keys, SSL Certificates Stolen
Imperva Cyber Security Blog: Imperva Security Update
The Hacker News: Imperva Breach Exposes WAF Customers’ Data, Including SSL Certs, API Keys
Cyberscoop: Imperva says cloud firewall customers’ passwords were exposed
CRN : Imperva discloses data breach affecting some firewall users
GBHackers On Security: Imperva Hacked – Email addresses, API keys & SSL certificates of WAF Customers Exposed
SC Magazine: Breach exposes data belonging to Imperva Cloud WAF customers
TechNadu: Imperva Announces Data Breach that Exposes Cloud WAF Customers : Imperva discloses security incident impacting cloud firewall users
Help Net Security: Imperva discloses security incident affecting Cloud WAF customers
Infosecurity Magazine: Imperva Breach Hits Cloud Customers

@campuscodi: Imperva discloses security incident impacting cloud firewall (formerly Incapsula) users-incident impacts users registered up until Sep 15, 2017 -unclear if incident caused by leaky server or intrusion -unclear if hack happened in '17 & discovered now
@ericgeller: Firewall provider Imperva announces data breach affecting customers of its cloud-based web firewall product: passwords, API keys, and SSL certificates among the compromised material.
@unix_root: Cybersecurity company 'Imperva" suffers a #databreach exposing sensitive data—emails, hashed salted passwords, API keys and SSL certificates—for a subset of its Cloud Web Application Firewall (WAF) customers.—by @security_wang

September 5, 2019
Ron Miller / TechCrunch

Ron Miller / TechCrunch  
Palo Alto Networks to Buy IoT Security Start-Up Zingbox for $75 Million

Cybersecurity giant Palo Alto Networks announced its intent to acquire IoT security startup Zingbox for $75 million. Founded in 2014, Zingbox brings to Palo Alto a modern cloud-based solution built on a subscription model along with engineering talent to help build out the solution further. The company’s three co-founders, Xu Zou, May Wang, and Jianlin Zeng, will be joining Palo Alto.

July 29, 2019
Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times  
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired,, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail,, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN,, SecurityWeek,, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times,,, The VergeEvening Standard, – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security,, Fortune, Technology News |, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central , GeekWire, SC Magazine, Techerati, SlashdotABC News: U.S., Graham Cluley, Japan Times,Security Affairs, Cyber Kendra,,, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.netGadgets Now, Courthouse News Service, BBC News – WorldBleepingComputer.comITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC , Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily BeastGeekWire

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat : Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail : Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users Capital One data breach affects 100M credit card applicants Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap Worried about the Capital One hack? Here’s what to do Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central : Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected Cap One Hack Hits 100M Credit Card Applications Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Capital One Bank Targeted in Massive Data Breach Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC : Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link:…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link:…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.

August 7, 2019
Lawrence Abrams / Bleeping Computer

Lawrence Abrams / Bleeping Computer  
New Variant of Spectre 1 Speculative Execution Side-Channel Flaw ‘SWAPGS’ Could Allow Attacker to Read Contents of Privileged Memory

A new variant of the Spectre 1 speculative execution side-channel vulnerabilities, called the SWAPGS vulnerability, could allow a malicious program to access and read the contents of privileged memory in an operating system such as the Windows or Linux kernel memory, researchers at BitDefender disclosed at Black Hat. Andrei Vlad Lutas of Bitdefender discovered and reported the vulnerability to Intel in August 2018. Intel allowed Microsoft to address this issue on a software level and take over coordination of the vulnerability. Microsoft took over notifying other vendors, making sure patches were released, and planning the coordinated disclosure at BlackHat.

Related: The Register – Security, Computer Business Review, Help Net Security, CRN, The Hacker News,, Dark Reading: Vulnerabilities / Threats, ZDNet Security, Computer Business Review, The Next Web, US-CERT, BitDefender, CSO Online

August 8, 2019
Reinhardt Krause / Investor's Business Daily

Reinhardt Krause / Investor's Business Daily  
Broadcom to Buy Symantec’s Enterprise Security Assets for $10.7 Billion in Cash

Chipmaker Broadcom agreed to buy cybersecurity firm Symantec’s enterprise security assets serving large business customers for $10.7 billion in cash. Symantec has struggled since it went on an acquisition spree of its own purchasing LifeLock, a provider of consumer identity-theft protection services, for $2.3 billion in 2017 and Blue Coat Systems in late 2016 for $4.65 billion. Some analysts say Symantec may sell off its consumers assets too.

Related: Business Wire Technology News, ARN,, iTnews ,BizjournalsChannel News Asia, CIO Dive , ZDNet SecuritySecurityWeekiTnews , San Jose Business News, Channel News Asia,, Slashdot, CRN, CNBC

August 14, 2019
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Capital One Hacker May Have Stolen Data From More Than Thirty Other Companies Prosecutors Say

Paige Thompson, the hacker accused of breaching US bank Capital One, is also believed to have stolen data from more than 30 other companies, US prosecutors said in a filing in support of a motion for Thompson’s detention. Prosecutors said that Thompson’s seized servers include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities. The investigation into Thompson’s activities is still ongoing but prosecutors say much of the data appear not to contain personal identifying information. Although the filing doesn’t say which companies were affected, press reports have suggested that Unicredit, Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation were also victims of Thompson’s hacking.

Related: Yahoo! News, USA Today, GeekWire, Cyberscoop,,, Fortune, AP Breaking News, The Register, Ars Technica, CRN, New York Times

August 22, 2019
Khari Johnson / Venture Beat

Khari Johnson / Venture Beat  
Tech Giants Including Intel, Google, Microsoft and Red Hat Form Confidential Computing Consortium to Improve Security for Data in Use

Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced their intent to form the Confidential Computing Consortium to improve security for data in use. The consortium, established by the Linux Foundation, plans to bring together hardware vendors, developers, open-source experts, and others to promote the use of confidential computing, advance common open-source standards, and better protect data. The members made a series of open source project contributions including Intel Software Guard Extension (SGX), an SDK for code protection at the hardware layer. Microsoft contributed the Open Enclave SDK for developers to build Trusted Execution Environment (TEE) applications while IBM’s Red Hat is sharing Enarx for running TEE applications.

Related: Dark Reading, ZDNet Security, GeekWire, Business Wire Technology News, The New Stack, CRN, Techerati, Slashdot, Engadget, The Next Web, Tom’s Hardware, Beta News, Confidential Computing

September 2, 2019
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Malicious Websites Used to Hack Into iPhones Were Targeting Uyghur Muslims in China in Likely State-Backed Attack, Same Websites Used to Target Android and Windows Users, Sources

A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims in China’s Xinjiang state as part of a state-backed attacked, likely China, according to sources. Google Project Zero researchers discovered the malicious websites but did not disclose who the sites were targeting. Apple fixed the vulnerabilities in February in iOS 12.1.4, days after Google privately disclosed the flaws. Separately, Forbes said the same websites targeting iPhones were also used to target Android and Windows users. The websites also infected non-Uygurs who inadvertently accessed these domains because they were indexed in Google search, prompting the FBI to alert Google to ask for the site to be removed from its index to prevent infections.

Related: Forbes, Forbes, Digital Journal,,, USA Today, CRN, Newser, Daily Dot, 9to5Mac, MacRumors, Economic Times, Cult of Mac, TechSpot, The Guardian, MSPoweruser, Techradar, Tech InsiderfossBytes, Gizmodo, Telecompaper Headlines, MacRumors, TechNadu, Daily Dot, Slashdot, The Loop, 9to5 Mac, The Next Web, Engadget, AppleInsider, Softpedia

Tweets:@iblametom @HowellONeill @zackwhittaker

Forbes : Apple Just Gave 1.4 Billion Users A Reason To Quit Their iPads, iPhones
Forbes : New iPhone Hack Shock For 1 Billion Apple Users As Attacker Is Revealed
Digital Journal: iPhone flaw shows ongoing concerns with mobile devices : Apple iPhone users exposed to spyware through tainted websites, Google researchers say – ABC News Google Says 1B Apple Users Could Be At Risk Of Hack Attacks
USA Today : Google found iPhone security flaws that allowed websites to hack iOS users ‘en masse’
CRN : iPhone hacking ‘implants’ outed by Google Two-year campaign targeted private data.
Newser : Until Recently, Websites Were Hacking iPhones – Newser
Daily Dot: How China targeted Uyghur Muslims with iPhone-hacking websites
9ot5Mac: Report: China used iPhone website exploit attacks to target Uyghur Muslims
MacRumors: China Reportedly Used iPhone Exploits to Target Uyghur Muslims
Economic Times: Apple iPhone ‘hacking’ websites found by Google also affected Android and Windows devices
Cult of Mac: iPhone security exploit allegedly used to target Uyghur Muslims
TechSpot: iPhone-hacking websites also targeted Google and Windows users
The Guardian: Uighurs in China were target of two-year iOS malware attack – reports
MSPoweruser: Along with iOS, Android and Windows users were also targeted by Chinese government
Techradar: iPhone hack also hit Windows and Android devices
Tech Insider: China may have used a recent massive iPhone hack to target Uighur Muslims
fossBytes: iPhone Hack Uncovered By Google Even Targeted Android And Windows
Gizmodo: The iPhone-Hacking Sites Google Found Apparently Went After Android and Windows Users Too
Telecompaper Headlines: Google reveals two-year-long iOS hacking operation
MacRumors: China Reportedly Used iPhone Exploits to Target Uyghur Muslims
TechNadu: China Was Using the iPhone ‘Watering Hole’ Websites to Spy on Uyghur Muslims
Daily Dot: How China targeted Uyghur Muslims with iPhone-hacking websites
Slashdot: iPhone-Monitoring Crackers Also Targeted Android and Windows, Targeted Ethnic Group in China
The Loop: Sources say China used iPhone hacks to target Uyghur Muslims
9to5Mac : Report: China used iPhone website exploit attacks to target Uyghur Muslims
The Next Web: iPhone spyware campaign reportedly targeted Uyghur Muslims for 2 years
Engadget : Sites stealing iPhone data reportedly targeted Uyghur Muslims – Engadget
AppleInsider: China believed to have used iPhone exploits to track Uyghur Muslims
Softpedia News: iPhone Hackers Going After Windows and Android Users Too

@iblametom: New - iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
@HowellONeill: The hackers behind the iPhone watering hole attack also targeted Android and Windows
@zackwhittaker: New: @iblametom has confirmed that Android and Windows users were *also* targeted in the same watering hole attacks affecting iPhone users.