A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
Follow Dark Reading:
 March 07, 2024
LATEST SECURITY NEWS & COMMENTARY
Patch Now: Apple Zero-Day Exploits Bypass Kernel Security
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches
The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach.
Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs
A Russian-language campaign aims to compromise corporate users on both Windows and Android devices by mimicking popular online collaboration applications.
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
The nation-state group compromised the website of a Tibetan festival and a software application to target user systems in Asia.
Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
"Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug.
Southern Company Builds SBOM for Electric Power Substation
The utility's software bill of materials (SBOM) experiment aims to establish stronger supply chain security — and tighter defenses against potential cyberattacks.
10 Essential Processes for Reducing the Top 11 Cloud Risks
The Cloud Security Alliance's "Pandemic 11" cloud security challenges can be addressed by putting the right processes in place.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure
A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure.

BlackCat Goes Dark After Ripping Off Change Healthcare Ransom
Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.

Navigating Biometric Data Security Risks in the Digital Age
The use of biometrics is increasingly common for authentication, and organizations must make sure their data security solutions protect what may be a new goldmine for hackers.

What Cybersecurity Chiefs Need From Their CEOs
By helping CISOs navigate the expectations being placed on their shoulders, CEOs can greatly benefit their companies.

MORE
PRODUCTS & RELEASES
Veeam Launches Veeam Data Cloud
Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout
Delinea Debuts Privilege Control for Servers: Thwarting Stolen Credentials and Lateral Movement
Boston Red Sox Choose Centripetal As Cyber Network Security Partner
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure
A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure.
LATEST FROM THE EDGE

CISO Sixth Sense: NIST CSF 2.0's Govern Function
2024 will redefine CISO leadership while acknowledging the management gap.
LATEST FROM DR TECHNOLOGY

The Challenges of AI Security Begin With Defining It
Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.
LATEST FROM DR GLOBAL

Japan on Line Breach: Clean Up Post-Merger Tech Sprawl
A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea's Naver for a massive data breach last November.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us