Apple Patches Actively Exploited WebKit Zero-Day Vulnerability 

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.
The post Apple Patches Actively Exploited WebKit Zero-Day Vulnerability appeared first on SecurityWeek.

Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Critical Oracle E-Business Suite vulnerability exploited in attacks shortly after PoC is published.

The post Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication appeared first on SecurityWeek.


Log4j Forever Changed What (Some) Cyber Pros Think About OSS

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure […]

The post Log4j Forever Changed What (Some) Cyber Pros Think About OSS appeared first on Security Intelligence.


Apple Patches iPhone Zero-Day

The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.”

News:

Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses…


S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o’ the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!