Dark Reading Daily -- September 18, 2024

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

LATEST SECURITY NEWS & COMMENTARY

Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.

RT News Hosted Russian Cyber Spy Unit, US Says

US State Department warns that Kremlin-backed media outlets in democracies around the world are hiding Russian cyber spies and actively working to sow discord.

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets

Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.

'CloudImposer' Flaw in Google Cloud Affected Millions of Servers

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

The Current Cybersecurity Landscape: New Threats, Same Security Mistakes

It is imperative to develop robust policies for new tech and future-proofing by favoring investments in security.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Fortinet Confirms Customer Data Breach via Third Party The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments. Cybersecurity & the 2024 US Elections While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact. Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw. NFL Teams Block & Tackle Cyberattacks in a Digital World As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas. MORE

PRODUCTS & RELEASES

99% of Business Leaders Have Concerns About the Trustworthiness of Internal Data

Cybersecurity Community Celebrates Documentary Premiere at Tampa Theatre

South Korea Digital Forensics Market to Hit US $3.52B by 2031

Cloud-Native Network Security Up 17%, Hardware Down 2%

Over a Third of Cyberattacks Result in Job Losses

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

'Void Banshee' Exploits Second Microsoft Zero-Day

Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.

LATEST FROM THE EDGE

CISA Urges Software Makers to Eliminate XSS Flaws

The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.

LATEST FROM DR TECHNOLOGY

Startup Finds 'Hydden' Identities in IT Environment

Hydden's platform detects and classifies the organization's identities, accounts, and privileges, regardless of where they reside in the IT environment.

LATEST FROM DR GLOBAL

As Geopolitical Tensions Mount, Iran's Cyber Operations Grow

Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>