Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor.
The post Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor appea… Continue reading Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Just when we’d got used to three-numbered versions, such as “13.3.1”, here comes an update suffix, bringing you “13.3.1 (a)”… Continue reading Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks. Continue reading 3CX Breach Was a Double Supply Chain Compromise

Fortra Completes Investigation Into GoAnywhere Zero-Day Incident

Fortra has shared a summary of its investigation into the GoAnywhere zero-day incident that hit dozens of the company’s customers earlier this year.
The post Fortra Completes Investigation Into GoAnywhere Zero-Day Incident appeared first on SecurityWe… Continue reading Fortra Completes Investigation Into GoAnywhere Zero-Day Incident

NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab

NSO Group used at least three iOS zero-click exploits in Pegasus attacks in 2022: FindMyPwn, PwnYourHome, and LatentImage.
The post NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab appeared first on SecurityWeek.
Continue reading NSO Group Used at Least 3 iOS Zero-Click Exploits in 2022: Citizen Lab