Information Management Today

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Encryption

Encryption IT Security Information Security

Apple addressed 2 new iOS zero-day vulnerabilities

Security Affairs

NOVEMBER 30, 2023

The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. iPadOS 17.1.2 , macOS Sonoma 14.1.2 , and Safari 17.1.2. Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities. inch 2nd generation and later, iPad Pro 10.5-inch,

Security

Security IT Information Security

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

JANUARY 25, 2022

Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong.

Authentication

Authentication Security IT Information Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Apple addressed two actively exploited zero-day flaws

Security Affairs

APRIL 7, 2023

Impacted devices include: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura. Apple addressed the zero-day issue with the release of macOS Ventura 13.3.1, iPadOS 16.4.1, and Safari 16.4.1.

Education

Education Security Cybersecurity IT

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

” Google TAG researcher Maddie Stone highlighted that the issue was addressed in only two days after the initial discovery, she also confirmed the exploitation by a commercial spyware vendor. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25″ reads the advisory published by Google.

Libraries

Libraries Passwords Security IT

Google announces V8 Sandbox to protect Chrome users

Security Affairs

APRIL 9, 2024

“In particular, neither switching to a memory safe language , such as Rust, nor using current or future hardware memory safety features, such as memory tagging , can help with the security challenges faced by V8 today.” .” reads the announcement. ” concludes the announcement.

Access

Access IT Security Information Security

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Cybersecurity

Cybersecurity Education Risk Security

Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

DECEMBER 14, 2022

The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Ransomware

Ransomware Authentication Security Access

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Security

Security Ransomware Data breaches Cybersecurity

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Government

Government Security IT Cybersecurity

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

eSecurity Planet

OCTOBER 9, 2023

The issue affects all TeamCity versions prior to the patched release in on-premises servers running Windows, Linux, macOS, or Docker. These vulnerabilities have been monitored as CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 by Google’s Threat Analysis Group (TAG) and Project Zero teams.

Libraries

Libraries Ransomware Access Security

Passkeys

Imperial Violet

SEPTEMBER 22, 2022

Platforms for developing with passkeys include: Safari on iOS 16 or macOS 13. Just adding the webauthn tag doesn’t do anything if there’s not a pending promise for the browser to resolve.) is a reasonable place, with the passkey tag. But it's here for now. Database changes. clientDataJSON, but the latter is hashed first.

Passwords

Passwords Authentication Libraries IT

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 11, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Security

Security Ransomware Sales Cybersecurity

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Security

Security Artificial Intelligence Data breaches Ransomware

Dashlane vs. 1Password: Compare Top Password Managers for 2021

eSecurity Planet

MAY 14, 2021

You can also create tags to group related items, like financial information and social media accounts, or favorite items you use frequently. In addition, 1Password offers desktop applications for macOS, Windows, Linux, and Chrome OS. Image: 1Password desktop and web apps on macOS.

Passwords

Passwords Encryption Authentication Access

Best DevSecOps Tools

eSecurity Planet

MARCH 17, 2022

Visual panels including graphs, geomaps, heatmaps, histograms, and more Create, consolidate, and manage alerts into a central console Manipulate queries and specific files for data transformations Ability to share insights and reports for company, team, and stakeholder use Add metadata and tags to specific data points with graphical annotations.

Cloud

Cloud Risk Security Cybersecurity

10 Best CASB Security Vendors of 2022

eSecurity Planet

DECEMBER 17, 2021

Deployment options by proxy or agents for Windows and macOS and mobile devices. Context-aware tags including user, group, location, device type, OS, and behavior. Censornet Features. Multiple security layers to protect against cloud threats and malware. Risk assessment, rating, and categorization for cloud applications.

Security

Security Cloud Risk Access

Best DevOps, Website, and Application Vulnerability Scanning Tools

eSecurity Planet

MARCH 9, 2023

Heavy WordPress developers with many pages often select Acunetix because of the concurrent crawling and scanning features that work well with large WordPress sites.

Compliance

Compliance Cloud Security Authentication

Information Management Today

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Apple addressed 2 new iOS zero-day vulnerabilities

Webinars

Trending Sources

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Webinars

Apple addressed two actively exploited zero-day flaws

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google announces V8 Sandbox to protect Chrome users

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Microsoft Patch Tuesday, December 2022 Edition

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Google: four zero-day flaws have been exploited in the wild

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

Passkeys

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Dashlane vs. 1Password: Compare Top Password Managers for 2021

Best DevSecOps Tools

10 Best CASB Security Vendors of 2022

Best DevOps, Website, and Application Vulnerability Scanning Tools

Stay Connected