A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomwear cyberattack on Wednesday. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.”

“It is metastasizing rapidly out of North Charleston and I just heard 777 may have gone down,” reads VanderWel’s memo. The company worries the virus may hit equipment used in functional airplane tests, which could lead to it spreading to airplane software. WannaCry, which the Trump administration blames on the cyberterrorism unit of North Korea as of December 2017, attacked mainly via a critical Windows vulnerability.

Github announced the discovery of more than 4 million vulnerabilities located in 500,000 plus repositories.

In 2017, the code sharing site started vulnerability scanning for known Common Vulnerabilities and Exposures in its Ruby and JavaScript libraries, according to a March 21 blog post. The libraries are operated through the company's Dependency Graph which matches the code against the vulnerabilities. Shortly after the program was launched, Github said 450,000 of the identified flaws had been resolved by Dec. 1, 2017 and its rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. 

Drupal developers are being asked to give themselves extra time next week to fix a “highly critical” flaw in Drupal 7 and 8 core.

In an advisory sent to developers on Wednesday, Drupal notified them that, “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.” The security advisory did not identify the bug, only describing it as a “highly critical security vulnerability.” “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” according to the post. 

The Trump administration has announced criminal charges and sanctions against nine Iranians accused of participating in a government-sponsored hacking scheme to steal sensitive information from hundreds of universities, private companies and US government agencies.

The nine defendants, accused of working at the behest of the Iranian government-tied Islamic Revolutionary Guard Corps, hacked the computer systems of about 320 universities in the United States and abroad to steal expensive research that was then used or sold for profit, prosecutors said. 

On iOS 11, Apple introduced a new way to protect user privacy by letting you hide the contents of your notifications on your iPhone's lock screen until you unlock the device with Touch ID or Face ID.

But it turns out there's a very simple way to read these hidden notifications even if you can't unlock the phone: Just ask Siri to read them to you. Yep, that's right: A new bug reveals that you can simply ask Siri to spy on someone's hidden notifications. Even with the "Show Previews" featured set to display only "When Unlocked" (Settings > Notifications > Show Previews), you can still ask Siri to read any hidden notifications out loud by saying "Hey Siri, read my notifications." 

The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday. 

Facial recognition software is becoming more advanced and ubiquitous—I mean, you can unlock your phone with your face now.

As this progresses, researchers are trying to make systems more secure by getting ahead of any potential hacks, including creating an infrared light-projecting baseball cap that can fool a face recognition system into thinking you’re the musician Moby. Security researchers from universities in China and the United States recently uploaded a paper to the arXiv preprint server that details exactly how such a scam could be pulled off. 

Manufacturers of modern vessels didn’t escape the common trend of connecting various parts of their ships to the Internet. As a result, any modern yacht now contains not only navigation systems, but also a pack of IoT devices with routers and switches — regardless of whether they’re really necessary.

As a result, yachts have the same security problems as other devices that suddenly became Internet-friendly: Technologies developed before modern security standards, navigation and infotainment systems connected to the same network, unprotected Internet connections on board, and more. 

Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

Dubbed RottenSys, the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign. 

Imagine the life smart home developers want you to see: Your busy day at work is over, and you’re almost home. Your door unlocks automatically the moment it recognizes your face and your iris.

The house is already warm and the light in the hall is on, music is playing quietly, and the electric kettle just turned itself off; the water in it boiled right before you stepped into your apartment. You eat your dinner and relax on the sofa, using your smartphone to dim the lights a little and to turn on the TV. Living in a smart house makes everything very convenient — all those small daily routines are either automated or controlled with your phone.