Apple Reveals Exploited Zero-Day in Browser Engine | Millions at Risk As 'Parrot' Web Server Compromises Take Flight

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

10 months ago

Html
Text

The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.

Follow Dark Reading:

January 25, 2024

LATEST SECURITY NEWS & COMMENTARY

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. Millions at Risk As 'Parrot' Web Server Compromises Take Flight The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection. Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology. Subway Puts a LockBit Investigation on the Menu The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary "SBS" network. CISA Director Jen Easterly Targeted in Swatting Incident A phone call to authorities claimed that a shooting had taken place on Easterly's block. 'VexTrio' TDS: The Biggest Cybercrime Operation on the Web? The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally. Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles The company hasn't taken full responsibility for the incident, even though allowing scraping paves the way for dangerous follow-on attacks. Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war. Third Ivanti Vulnerability Exploited in the Wild, CISA Reports Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor. Filling the Cybersecurity Talent Gap Veterans are ideal candidates to close the skills gap and create the industry needed to meet security threats head-on. Battling Misinformation During Election Season Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools. CISA's Road Map: Charting a Course for Trustworthy AI Development The agency aims to build a more robust cybersecurity posture for the nation. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Survey Shows a Surge in (Artificial) Intelligence A new Omdia survey shows a rapid increase in generative AI adoption for security Name That Toon: Cast Adrift Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Building AI That Respects Our Privacy Until laws can move at the speed of innovation, we'll see a discrepancy between the protections offered and the risks associated with technology. MORE

PRODUCTS & RELEASES

Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments Peters and Braun Introduce Bipartisan Bill to Bolster Government's Cybersecurity Capabilities Amy Farrow Joins Infoblox As Chief Information Officer F5 Welcomes Samir Sherif As New Chief Information Security Officer Managed Ransomware Detect & Respond (RDR) Offering From Zyston Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments National Cybersecurity Alliance Announces 2024 Data Privacy Week MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs. LATEST FROM THE EDGE
AI Gives Defenders the Advantage in Enterprise Defense A panel of CISOs acknowledged that artificial intelligence has boosted the capabilities of threat actors, but enterprise defenders are actually benefiting more from the technology. LATEST FROM DR TECHNOLOGY
Researchers Map AI Threat Landscape, Risks With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions. LATEST FROM DR GLOBAL
Magecart Adds Middle East Retailers to Long List of Victims Cybercriminals who conspire to put credit-card skimmers on e-commerce sites have hit some large vendors in the region.

WEBINARS

API Security: Protecting Your Application's Attack Surface Top Cloud Security Threats Targeting Enterprises

View More Dark Reading Webinars >>

WHITE PAPERS

Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software Pixelle's OT Security Triumph with Security Inspection IT Zero Trust vs. OT Zero Trust: It's all about Availability Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS Understanding AI Models to Future-Proof Your AppSec Program Increase Speed and Accuracy with AI Driven Static Analysis Auditing The Need for a Software Bill of Materials

View More White Papers >>

FEATURED REPORTS

The State of Supply Chain Threats How to Deploy Zero Trust for Remote Workforce Security What Ransomware Groups Look for in Enterprise Victims

Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

View More Dark Reading Reports >>

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
14 hours ago
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
16 hours ago
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Yesterday at 14:04

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines