Two university students discovered a security flaw in over a million internet-connected laundry machines operated by CSC ServiceWorks, allowing users to avoid payment and add unlimited funds to their accounts. The students, Alexander Sherbrooke and Iakov Taranenko from UC Santa Cruz, reported the vulnerability to the company, a major laundry service provider, in January but claim it remains unpatched. TechCrunch adds: Sherbrooke said he was sitting on the floor of his basement laundry room in the early hours one January morning with his laptop in hand, and "suddenly having an 'oh s-' moment." From his laptop, Sherbrooke ran a script of code with instructions telling the machine in front of him to start a cycle despite having $0 in his laundry account. The machine immediately woke up with a loud beep and flashed "PUSH START" on its display, indicating the machine was ready to wash a free load of laundry.

In another case, the students added an ostensible balance of several million dollars into one of their laundry accounts, which reflected in their CSC Go mobile app as though it were an entirely normal amount of money for a student to spend on laundry.

An anonymous reader quotes a report from Ars Technica: An Arizona woman has been accused of helping generate millions of dollars for North Korea's ballistic missile program by helping citizens of that country land IT jobs at US-based Fortune 500 companies. Christina Marie Chapman, 49, of Litchfield Park, Arizona, raised $6.8 million in the scheme, federal prosecutors said in an indictment unsealed Thursday. Chapman allegedly funneled the money to North Korea's Munitions Industry Department, which is involved in key aspects of North Korea's weapons program, including its development of ballistic missiles. Part of the alleged scheme involved Chapman and co-conspirators compromising the identities of more than 60 people living in the US and using their personal information to get North Koreans IT jobs across more than 300 US companies.

As another part of the alleged conspiracy, Chapman operated a "laptop farm" at one of her residences to give the employers the impression the North Korean IT staffers were working from within the US; the laptops were issued by the employers. By using proxies and VPNs, the overseas workers appeared to be connecting from US-based IP addresses. Chapman also received employees' paychecks at her home, prosecutors said. Federal prosecutors said that Chapman and three North Korean IT workers -- using the aliases of Jiho Han, Chunji Jin, Haoran Xu, and others -- had been working since at least 2020 to plan a remote-work scheme. In March of that year, prosecutors said, an individual messaged Chapman on LinkedIn and invited her to "be the US face" of their company. From August to November of 2022, the North Korean IT workers allegedly amassed guides and other information online designed to coach North Koreans on how to write effective cover letters and resumes and falsify US Permanent Resident Cards.

Under the alleged scheme, the foreign workers developed "fictitious personas and online profiles to match the job requirements" and submitted fake documents to the Homeland Security Department as part of an employment eligibility check. Chapman also allegedly discussed with co-conspirators about transferring the money earned from their work. Chapman was arrested Wednesday. It wasn't immediately known when she or Didenko were scheduled to make their first appearance in court. If convicted, Chapman faces 97.5 years in prison, and Didenko faces up to 67.5 years.

Palo Alto Networks is acquiring IBM's QRadar cloud software and migrating customers to its Cortex Xsiam platform as part of a broader partnership aimed at expanding its consulting capabilities and customer base. The sum of the deal was not disclosed. CNBC reports: The move normally takes one to three months, Nikesh Arora, Palo Alto's CEO, told CNBC. Also, IBM will train more than 1,000 of its consulting employees on Palo Alto's products. [...] For IBM, a more robust lineup of contemporary security tools for consulting might help the company deliver on its stated goal of revenue growth in the mid-single digits for 2024. In the first quarter, revenue increased 3%, with a 2% bump in the consulting segment.

Palo Alto is growing much faster than IBM. In the January quarter, revenue jumped 19%. The company will report results for the latest quarter on Monday. Palo Alto more than doubled in value last year and its stock is up 6% year to date, lifting the company's market cap past $100 billion. The stock rose more than 1% in extended trading. IBM is up close to 5% this year and is now valued at $154 billion. The companies said the transaction should close by the end of September, subject to regulatory approval and other conditions. [...] IBM will continue to sell its QRadar software for use in on-premises data centers. At the same time, IBM will suggest that clients using it consider switching to Palo Alto's Cortex Xsiam.

Google and Samsung used to update smartphone software for only three years. That has changed. From a report: Every smartphone has an expiration date. That day arrives when the software updates stop coming and you start missing out on new apps and security protections. With most phones, this used to happen after about only three years. But things are finally starting to change. The new number is seven. I first noticed this shift when I reviewed Google's $700 Pixel 8 smartphone in October. Google told me that it had committed to provide software updates for the phone for seven years, up from three years for its previous Pixels, because it was the right thing to do.

I was skeptical that this would become a trend. But this year, Samsung, the most profitable Android phone maker, set a similar software timeline for its $800 Galaxy S24 smartphone. Then Google said it would do the same for its $500 Pixel 8A, the budget version of the Pixel 8, which arrived in stores this week. Both companies said they had expanded their software support to make their phones last longer. This is a change from how companies used to talk about phones. Not long ago, tech giants unveiled new devices that encouraged people to upgrade every two years. But in the last few years, smartphone sales have slowed down worldwide as their improvements have become more marginal. Nowadays, people want their phones to endure.

Samsung and Google, the two most influential Android device makers, are playing catch-up with Apple, which has traditionally provided software updates for iPhones for roughly seven years. These moves will make phones last much longer and give people more flexibility to decide when it's time to upgrade. Google said in a statement that it had expanded its software commitment for the Pixel 8A because it wanted customers to feel confident in Pixel phones. And Samsung said it would deliver seven years of software updates, which increase security and reliability, for all its Galaxy flagship phones from now on.

Visa is rolling out new technology that will allow the payments giant to share more information about customers' preferences [non-paywalled source] based on their shopping history with retailers as it seeks to remain a top player in the competitive e-commerce space. From a report: The data will be shared via the payments giant's proprietary "tokens," which provide an added layer of security between a consumer's bank information and a merchant. Shopping inclinations and other information based on past transactions -- such as preferred categories, like movies or golf -- will be shared via token with retailers with the consent of consumers.

"It's almost entirely blind to almost all consumers," Visa Chief Executive Officer Ryan McInerney said in an interview of the company's token technology. "They just know their payments work better." The sharing of shopping data via token is one of a handful of innovations Visa unveiled at a conference in San Francisco, where it's based. Visa, one of the largest e-commerce technology companies in the world, is finding itself increasingly fending off competitors seeking larger slices of the fees merchants must pay to carry out consumer transactions.

In an op-ed on Windows Central, the site's co-managing editor Jez Corden laments Microsoft's "short-sighted" decision-making and "inconsistent" investment in its products and services, which he argues has led to a loss of trust among customers and missed opportunities in the tech industry. Despite Microsoft's advancements in AI and cloud computing, the company has made "baffling" decisions such as shutting down Windows Phone, under-investing in Xbox, and canceling promising Surface products.

The author argues that Microsoft's lack of commitment to security, customer support, and long-term quality has "damaged" its reputation and hindered its potential for growth. Examples include recent hacking scandals, poor customer service experiences, and the aggressive promotion of Microsoft Edge at the expense of user choice. The author also expresses concern over Microsoft's handling of the Xbox brand, particularly the decision to release exclusive games on PlayStation, which could undermine the reasons for customers to choose Xbox. The op-ed concludes that while Microsoft has the potential to be a leader in the tech industry, its pattern of short-sighted decisions and failure to learn from past mistakes has led to a growing sense of doubt among its customers and observers.

The recent surge in bitcoin prices has the phones at crypto wallet recovery firms ringing off the hook, as retail investors locked out of their digital vaults make frantic calls to regain access to their accounts. From a report: Cryptocurrencies exist on a decentralized digital ledger known as blockchain and investors may opt to access their holdings either through a locally stored software wallet or a hardware wallet, to avoid risks related to owning crypto with an exchange, as in the case of the former FTX. Losing access to a crypto wallet is a well-known problem. Investors forgetting their intricate passwords is a primary reason, but loss of access to two-factor authentication devices, unexpected shutdowns of cryptocurrency exchanges and cyberattacks are also common.

Wallet passwords are usually alphanumeric and the wallet provider also offers a set of randomized words, known as "seed phrases," for additional security - both these are known only to the user. If investors lose the passwords and phrases, access to their wallets is cut off. With bitcoin prices regaining traction since last October and hitting a record high of $73,803.25 in March, investors seem to be suffering from a classic case of FOMO, or the fear of missing out. Reuters spoke to nearly a dozen retail investors who had lost access to their crypto wallets. Six of them contacted a recovery services firm and managed to regain access to their holdings.

Intel unveiled Thunderbolt Share on Wednesday with which it promises to streamline screen and file sharing between two PCs. Tom's Hardware: Thunderbolt Share will allow PC owners to connect their two computers with a wired connection that leverages Thunderbolt's speed (40Gbps or higher), low latency, and built-in security. It allows PC-to-PC access that shares the screen, keyboard, mouse, and storage. The software also enables folder synchronization or easy drag-and-drop file transfer between the computers. [...]

Thunderbolt Share also provides uncompressed screen sharing between two PCs in the original resolution of the source computer. It also claims low latency for a smooth, responsive experience that includes the screen, keyboard, and mouse with full HD screen mirroring at up to 60 frames per second (fps). Higher resolutions could result in fewer frames per second, but Ziller said it would still be a "great experience."

The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. From a report: The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal. The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site's servers and domains. [...] The seizure message also shows the two forum profile pictures of the site's administrators, Baphomet and ShinyHunters, overlaid with prison bars.

Tech columnist and venture investor MG Siegler, commenting on the new iPad Pro: I love the iPad for the things it's good at. And I love the MacBook for the things it's good at. What I want is less a completely combined device and more a single device that can run both macOS and iPadOS. And this new iPad Pro, again equipped with a chip faster than any MacBook, can do that if Apple allowed it to.

At first, maybe it's dual boot. That is, just let the iPad Pro load up macOS if it's attached to the Magic Keyboard and use the screen as a regular (but beautiful) monitor -- no touch. Over time, maybe macOS is just a "mode" inside of iPadOS -- complete with some elements updated to be touch-friendly, but not touch-first. Steven Sinofsky, the former head of Microsoft's Windows division, chiming in: It is not unusual for customers to want the best of all worlds. It is why Detroit invented convertibles and el caminos.

But the idea of a "dual boot" device is just nuts. It is guaranteed the only reality is it is running the wrong OS all the time for whatever you want to do. It is a toaster-refrigerator. Only techies like devices that "presto-change" into something else. Regular humans never flocked to El Caminos, and even today SUVs just became station wagons and almost none actually go off road :-)

Two things that keep going unanswered if you really want macOS on an iPad device:

1. What software on Mac do you want for an iPad device experience? What software will get rewritten for touch? If you want "touch-enabled" check out what happened on the Windows desktop. Nearly everything people say they want isn't features as much as the mouse interaction model. People want overlapping windows, a desktop of folders, infinitely resizable windows, and so on. These don't work on touch very well and certainly not for people who don't want to futz.
2. Will you be happy with battery life? The physics of an iPad mean the battery is 2/3rds the size of a Mac battery. Do you really want that? I don't. The reason the iPad is the 5.x mm device is because the default doesn't have a keyboard holding the battery. This is about the realities. The metaphors that people like on a desktop, heck that they love, just don't work with the blunt instrument of touch. It might be possible to build all new metaphors that use only tough and thus would be great on an iPad but that isn't what they tried. The device grew out of a phone. It's only their incredible work on iPhone that led to Mx silicon and their tireless work on the Mac-centric frameworks that delivered a big chunk (but not all) the privacy, reliability, battery life, security, etc. of the phone on Mac. [...]

A panel of judges in the Netherlands has found Alexey Pertsev, one of the developers behind crypto anonymizing tool Tornado Cash, guilty of money laundering. Wired: Over the course of two days in March, the Russian national was tried on the allegation that the tool he developed had allowed criminals -- among them hackers with ties to North Korea -- to freely launder $1.2 billion in stolen cryptocurrency. "The management of Tornado Cash welcomed the bank robbers with open arms," the prosecutors wrote in a March court filing.

Dutch judges sentenced Pertsev to five years and four months in prison on Tuesday, which was the term requested by prosecutors in the case. "With Tornado Cash, the defendant created a shortcut for financing crimes and terrorism," said the court in a statement, translated from Dutch. "He chose to look away from the abuse and did not take any responsibility." The purpose of tools like Tornado Cash, known as crypto mixers or tumblers, is to mask the origin and destination of users' coins. Funds belonging to many parties are pooled, jumbled up, and spat out into brand-new wallets, by which time it is no longer clear whose crypto is whose. These services are promoted as a way to improve the level of privacy available to crypto users, but have been readily co-opted for the purpose of money laundering.

On August 8, 2022, Tornado Cash was sanctioned in the United States, making it illegal for US citizens to use the service. Any product that "indiscriminately facilitates anonymous transactions," wrote the US Treasury's Office of Foreign Assets Control, represents a "threat to US national security." Two days later, Pertsev was arrested in the Netherlands, where he resided. Money laundering activity, the Dutch prosecutors claim, accounted for more than 30 percent of the funds that passed through Tornado Cash between 2019 and 2022. [...] Pertsev built his defense on the argument that Tornado Cash, which remains in operation, is under nobody's control -- including his own -- as a piece of software that runs on the Ethereum blockchain, a distributed network of computers. Further reading: Coinbase Employees and Ethereum Backers Sue US Treasury Over Tornado Cash Sanctions (September 2022).

This week, The Register reported: If you are still running RHEL 7, which is now approaching a decade old, there's good news. Red Hat is offering four more years of support for RHEL 7.9, which it terms Extended Life Cycle Support or ELS.

If you are running the free version, CentOS Linux 7, that hits its end-of-life on the same date: June 30, 2024. CIQ, which offers CentOS Linux rebuild Rocky Linux, has a life cycle extension for that too, which it calls CIQ Bridge. The company told The Reg: "CIQ Bridge, essentially a long-term support service tailored for CentOS 7 users on the migration path to Rocky Linux, is offered under an annual, fixed-rate subscription. CIQ Bridge includes access to CentOS 7 extended life package updates for an additional three years and security updates for CVSS 7 issues and above. Security updates for CVSS 5 and 6 are available at an elevated subscription tier. CIQ Bridge is designed to support CentOS 7 users until they are ready for CIQ guidance and support in migration to Rocky Linux." CIQ believes there's a substantial market for this, and points to research from Enlyft that suggests hundreds of thousands of users still on CentOS Linux 7.

The Dillo browser dates back to 1999, writes the Register, with its own rendering engine. And now Dillo "has returned with a new release, version 3.1.

"It's nearly nine years after version 3.05 appeared on the last day of June 2015." Version 3.1 incorporates dozens of fixes and improvements, as the official announcement describes.

Project lead Rodrigo Arias Mallo announced his resurrection attempt on Hacker News early this year. He has taken the last available code from the project's Mercurial repository, incorporated about 25 outstanding fixes, and added as many again of his own.

Dillo is a super-lightweight graphical web browser for Unix-like OSes, written using the Fast Light Toolkit. The latest version has a number of new features, although one of the most significant is support for Transport Layer Security. TLS is the successor to SSL, with a Microsoft-approved name. Dillo 3.1 supports it thanks to the Mbed-TLS library.
It doesn't support frames, embedded media playback, or JavaSccript — but it can run on very low-end hardware...

Thanks to Lproven (Slashdot reader #6,030) for sharing the news.

The Russia-linked ransomware group Black Basta is responsible for Wednesday's cyberattack on St. Louis-based Ascension health system, according to sources reported by CNN. The attack disrupted access to electronic health records, some phone systems and "various systems utilized to order certain tests, procedures and medications," the company said in a statement. From a report: On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Black Basta has "recently accelerated attacks against the healthcare sector." HHS said that Black Basta was initially spotted in early 2022, known for its double extortion attack. The group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace to publicly release it should a victim fail to pay a ransom.

"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups," the alert from HHS said. According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta in less than two years has won itself more than $100 million via ransomware schemes from 329 organizations. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.

The U.S. FBI is working towards charging hackers from the aggressive Scattered Spider criminal gang who are largely based in the U.S. and western countries and have breached dozens of American organisations, a senior official said. From a report: The young hackers grabbed headlines last year when they broke into the systems of casino-operators MGM Resorts International and Caesars Entertainment locking up the companies' systems and demanding hefty ransom payments. From health and telecom companies to financial services, they have hacked a range of organisations over two years, piling pressure on law enforcement agencies to thwart them.

"We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act," Brett Leatherman, the FBI's cyber deputy assistant director, told Reuters in an interview. The group was a rare alliance of hackers in Western countries with veteran cybercriminals from eastern Europe, he said on the sidelines of the RSA Conference in San Francisco Wednesday. "Often we don't see that mingling of geographical hackers working together outside the confines of like hacktivism, for example," he said. Security researchers have tracked Scattered Spider since at least 2022 and say the group is far more aggressive than other cybercrime gangs - skilled especially at hijacking the identities of IT helpdesk staff to penetrate into company networks. Caesars paid around $15 million to free its systems from the hackers.

Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers' names and physical addresses. TechCrunch: In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating "an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell."

Dell wrote that the information accessed in the breach included customer names, physical addresses, and "Dell hardware and order information, including service tag, item description, date of order and related warranty information." Dell did not say if the incident was caused by malicious outsiders or inadvertent error. The breached data did not include email addresses, telephone numbers, financial or payment information, or "any highly sensitive customer information," according to the company. The company downplayed the impact of the breach in the message.

An anonymous reader quotes a report from TechCrunch: The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address -- which can include their home address -- appeared in public records between August 23, 2023 and April 19, 2024. U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency's website, about 14,000 applicants' private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research. The agency took blame for the incident, saying the addresses were "inadvertently exposed as we transitioned to a new IT system," according to the email to affected applicants, which TechCrunch obtained. "Importantly, this incident was not the result of malicious activity," the email said. Upon discovery of the security lapse, the agency said it "blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access." Last June, the USPTO inadvertently exposed about 61,000 applicants' private addresses "in a years-long data spill in part through the release of its bulk datasets," reports TechCrunch. It told affected individuals that the issue was fixed.

An anonymous reader quotes a report from The Register: Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. "We saw situations where threat actors essentially SIM swap the phones of children of executives, and start making phone calls to executives, from the phone numbers of their children," Charles Carmakal, Mandiant's CTO, recounted during a Google Security Threat Intelligence Panel at this year's RSA Conference in San Francisco on Monday.

"Think about the psychological dilemma that the executive goes through – seeing a phone call from the children, picking up the phone and hearing that it's somebody else's voice? Sometimes, it's caller ID spoofing. Other times, we see demonstrated SIM swapping family members." Either way, it's horrifying. It's the next step in the evolution of ransomware tactics, which have now moved far beyond simply encrypting victims' files and even stealing their data. "There are a few threat actors that really have no rules of engagement in terms of how far [they] try to coerce victims," Carmakal noted, recalling ransomware incidents in which the criminals have directly contacted executives, their family members, and board members at their homes.

The criminals have moved from just staging an attack against a company, its customers and their data, and becomes "more against the people," he added. It changes the calculation involved in deciding whether to pay the extortion demand, Carmakal said. "It's less about 'do I need to protect my customers?' But more about 'how do I better protect my employees and protect the families of employees?' That's a pretty scary shift."

Less than two weeks after President Biden signed a bill that will force TikTok's Chinese owner, ByteDance, to sell the popular social media app or face a ban in the United States, TikTok said it sued the federal government on Tuesday, arguing the law was unconstitutional. From a report: TikTok said that the law violated the First Amendment by effectively removing an app that millions of Americans use to share their views and communicate freely. It also argued that a divestiture was "simply not possible," especially within the law's 270-day timeline, pointing to difficulties such as Beijing's refusal to sell a key feature that powers TikTok in the United States.

"For the first time in history, Congress has enacted a law that subjects a single, named speech platform to a permanent, nationwide ban, and bars every American from participating in a unique online community with more than one billion people worldwide," the company said in the 67-page petition it provided, which initiates the lawsuit. "There is no question: The act will force a shutdown of TikTok by Jan. 19, 2025." TikTok is battling for its survival in the United States, with the fight set to play out primarily in courts over the next few months. While lawmakers who passed the bill have said the app is a national security threat because of its ties to China, the courts must now weigh those concerns against TikTok's argument that a sale or ban would violate the First Amendment free-speech rights of its users and hurt small businesses that owe their livelihood to the platform.

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based inIndia, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous. There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.