Apple plans to equip iOS 12 with USB Restricted Mode, which requires users to unlock their iPhone with their passcode before USB accessories can connect if the phone last was unlocked more than an hour earlier. The company included this feature in the developer versions of iOS 11.4.1 and iOS 12. Apple will release USB Restricted Mode publicly in a future software update, it confirmed this week.

A significant percentage of IT systems are cloud-based, according to a recent survey. The cloud is a key enabler for emerging technology, suggests the CompTIA poll, which was conducted last month. Cloud computing was one of four trends respondents expected to feature heavily in IT conversations over the next 12 to 18 months, the survey found. Others were AI, the IoT and cybersecurity.

In spite of all the high-profile breaches that seem to sweep the headlines with greater frequency, companies slowly but surely have been getting a handle on internal security practices. At this point, it's hard to imagine any employee, in or out of the tech sector, who hasn't been run through antiphishing training. However, security is only as strong as its weakest link.

If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. Depending on whom you're talking to, you'll get a different answer about what it is and why it might be useful.

The FBI has disrupted a network of half a million routers compromised by the group of Russian hackers believed to have penetrated the DNC and the Hillary Clinton campaign during the 2016 elections, according to reports. The hacker group, known as "Fancy Bear," has been using a malware program called "VPN Filter" to compromise home and small office routers.

Okta has announced the Okta API Products One App, which lets engineering teams and developers implement multifactor authentication for any single website or application. Developers can use API Products for One App free if they display "Identity by Okta" on the login page of their app. Among Okta API Products for One App's features are authentication and directory services for Web or mobile apps.

Health services vendors have been partnering with various organizations to gain a foothold in the cloud and to test out their solutions. One of the cloud's major selling points is security -- but it is not as safe as it's made out to be. Google Cloud "recently announced a significant expansion in HIPAA compliance across our portfolio of cloud products," noted Google Cloud's Joe Corkery.

Several countries -- including the United States, France and Germany -- have pointed a finger at Russia for meddling in their elections. Russia used social media as a big part of that effort. Facebook has been scrambling to win back the public's trust since the Russia and Cambridge Analytica scandal. However, it's not clear what exactly hostile nation states have been up to on social media.

A newfound flaw in email clients that use PGP and S/MIME to encrypt messages can be exploited to expose the plain text of the missives, according to a new paper. By injecting malicious snippets of text into encrypted messages, attackers can use the flaw to make the email client exfiltrate decrypted copies of the emails, explained the authors, a team of researchers from three European universities.

"It's only a few times in the history of the U.S. and in specific domains do you have the opportunity to make decisions and have a lasting effect on that domain," said Circadence VP Keenan Skelly. "In terms of information cybersecurity, we're right in the middle of it right now. We're just figuring out what global norms should be."

Microsoft, Oracle and Facebook, along with 31 other companies, have signed the Cybersecurity Tech Accord, an agreement aimed at defending against cyberattacks, whether coming from rogue hackers or nation-states. The 34 tech firms committed to stronger defenses, no offensive attacks, capacity building and collective action. Security remains a major issue in the tech world.

The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations -- and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to the operational controls they put in place, and potentially numerous other things.

A Web standards milestone could point to the end of the road for pesky passwords. The new standard, WebAuthn, has won near-final approval from the World Wide Web Consortium. WebAuthn defines a standard API that can be incorporated into browsers and Web infrastructure. It opens the door for new ways for users to authenticate themselves on the Internet that are more secure and convenient than passwords.

An alarming number of major U.S. retailers, industrial firms, government agencies and other organizations have been hit in a recent wave of cyberbreaches that may signal increasing vulnerability for consumers and businesses alike. The attacks have exposed millions of consumer payment cards to fraud. Cyberthieves have used a variety of methods to infiltrate corporate computer systems.

Nearly a week after it became the target of one of the largest ransomware attacks to date, the City of Atlanta has made progress toward recovery, but it is still far from business as usual. Hackers encrypted many of the city government's vital data and computer systems. Mayor Keisha Lance Bottoms characterized the ransomware attack as "a hostage situation."

The DoJ has charged nine Iranian nationals for engaging in a massive phishing campaign on behalf of the Iranian Revolutionary Guard. The allegations include the theft of $3.4 billion in research and intellectual property from 320 colleges and universities in the U.S. and abroad, as well as from 47 foreign and domestic companies, plus several federal agencies, state governments, and the UN.

The tech world experienced more insanity last week. We finally got confirmation from AMD that the CTS Labs security report was a tempest in a teapot, but the big question remained unanswered. A self-driving Uber vehicle killed a pedestrian, but we didn't ask the right questions. Facebook admitted that it gave our information to a bad actor, and we forgot what really would wake up Zuckerberg.

A virtual currency hardware wallet with millions of users has been compromised. Saleem Rashid explained how he cracked the firmware on the wallet produced by Ledger using what's known as a "supply chain" attack. That means a targeted device is compromised before any users get their hands on it. The attack on Ledger's $100 Nano S wallet creates a backdoor on the device.

Americans have been targeted on social media by Russian agents on a mission to harvest personal information. The agents pretended to work for organizations promoting African-American businesses as a ruse to obtain personal information from black business owners during the 2016 presidential election campaign. Using names like "BlackMattersUS," the agents set up hundreds of social media accounts.

Sony Semiconductor Solutions, Nikon, Foxconn, Scenera and Wistron have formed an alliance to create standards that allow surveillance and IP cameras to play well with each other. The NICE Alliance, unveiled Monday, aims to create a new smart camera ecosystem, along the lines of the mobile ecosystems that have become so familiar. The "NICE" acronym stands for "Network of Intelligent Camera Ecosystem."

It's a truism that just like organizations adapt, so too do criminals. Anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? That strategy might have worked well in the days of the Pony Express.

As beneficial as AI can be, it has its dark side, too. That dark side is the focus of a new 100-page report. AI will be used by threat actors to expand the scale and efficiency of their attacks, it predicts. They will employ it to compromise physical systems and to broaden their privacy invasion and social manipulation capabilities. Novel attacks are to be expected.

Some small e-commerce website operators may think their relative obscurity offers protection, but the fact is that SMBs are especially vulnerable to cyberattacks and malware. "Very often small businesses don't feel vulnerable to cyberthreats because they assume cybercriminals prefer to launch attacks on large companies," said Stephanie Weagle, VP of Corero.

SentinelOne this week announced a partnership with Microsoft to bolster threat protection for mixed platform users, making computing safer for Linux machines in a multiplatform workplace. SentinelOne will integrate its Endpoint Protection Platform with Microsoft's Windows Defender Advanced Threat Protection service to cover Mac and Linux device platforms.

Apple lawyers have sent a copyright violation notice to Github, following the publication of leaked iOS 9 source code on the site. Though iOS 9 is dated, it's possible that the leaked code could be used to jailbreak older devices or worse. Publication of the code violated Apple's rights under the DMCA, the attorneys wrote, demanding that the iBoot source code be removed.

Meaningful security is more than an app or an OS. It's a mindset. Linux security tools by themselves will not make you or anyone more secure. Security requires trade-offs in convenience, so the tools I'll highlight here are not recommended as "daily drivers." Only you can determine your ideal balance point. Perhaps the single greatest strength of Linux is that it is open source.

Most WiFi router vendors have not patched numerous firmware vulnerabilities discovered more than two years ago, according to a new report. OEM firmware built into WiFi routers use open source components that contain numerous known security vulnerabilities that can be exploited by hackers. Insignary conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers.

Alphabet has launched Chronicle, a new cybersecurity venture, following two years of development at the Alphabet X research lab. Chronicle will include VirusTotal, a Google-owned cybersecurity and intelligence platform and malware intelligence service. The idea behind Chronicle stems from the fact that many companies receive many more security alerts per day than they can handle.

If you follow security news, you may have noticed a disturbing trend. Last year, we learned that Uber paid attackers $100,000 to keep under wraps their stealth of the personal information of 50 million Uber riders. More recently, we learned that Hancock Health paid approximately $55,000 in bitcoin to bring hospital systems back online. The payment of ransoms could be more common than it appears.

SentinelOne has released Blacksmith, a free Linux tool that can detect Meltdown vulnerability exploitation attempts. The company has been working on a similar tool to detect Spectre vulnerability attacks. Though free, Blacksmith is not open source. SentinelOne decided to expedite its development in-house to save time, said Raj Rajamani, vice president of product management.