Patch Now: Apple Zero-Day Exploits Bypass Kernel Security

A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.

Follow Dark Reading:

March 07, 2024

LATEST SECURITY NEWS & COMMENTARY Patch Now: Apple Zero-Day Exploits Bypass Kernel Security A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too. First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach. Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs A Russian-language campaign aims to compromise corporate users on both Windows and Android devices by mimicking popular online collaboration applications. China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks The nation-state group compromised the website of a Tibetan festival and a software application to target user systems in Asia. Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence "Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug. Southern Company Builds SBOM for Electric Power Substation The utility's software bill of materials (SBOM) experiment aims to establish stronger supply chain security — and tighter defenses against potential cyberattacks. 10 Essential Processes for Reducing the Top 11 Cloud Risks The Cloud Security Alliance's "Pandemic 11" cloud security challenges can be addressed by putting the right processes in place. MORE NEWS / MORE COMMENTARY HOT TOPICS Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure. BlackCat Goes Dark After Ripping Off Change Healthcare Ransom Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up. Navigating Biometric Data Security Risks in the Digital Age The use of biometrics is increasingly common for authentication, and organizations must make sure their data security solutions protect what may be a new goldmine for hackers. What Cybersecurity Chiefs Need From Their CEOs By helping CISOs navigate the expectations being placed on their shoulders, CEOs can greatly benefit their companies. MORE PRODUCTS & RELEASES Veeam Launches Veeam Data Cloud Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout Delinea Debuts Privilege Control for Servers: Thwarting Stolen Credentials and Lateral Movement Boston Red Sox Choose Centripetal As Cyber Network Security Partner MORE PRODUCTS & RELEASES EDITORS' CHOICE Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure. LATEST FROM THE EDGE CISO Sixth Sense: NIST CSF 2.0's Govern Function 2024 will redefine CISO leadership while acknowledging the management gap. LATEST FROM DR TECHNOLOGY The Challenges of AI Security Begin With Defining It Security for AI is the Next Big Thing! Too bad no one knows what any of that really means. LATEST FROM DR GLOBAL Japan on Line Breach: Clean Up Post-Merger Tech Sprawl A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea's Naver for a massive data breach last November. WEBINARS Unleash the Power of Gen AI for Application Development, Securely Unbiased Testing. Unbeatable Results View More Dark Reading Webinars >> WHITE PAPERS Causes and Consequences of IT and OT Convergence FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE 2023 Gartner Magic Quadrant for Single-Vendor SASE Global Perspectives on Threat Intelligence Mandiant Threat Intelligence at Penn State Health The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023 2023 Snyk AI-Generated Code Security Report View More White Papers >> FEATURED REPORTS Industrial Networks in the Age of Digitalization Zero-Trust Adoption Driven by Data Protection How Enterprises Assess Their Cyber-Risk View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us