Image: 2ragon/Adobe Stock Revelations this week from Microsoft and Apple speak to the COVID-like persistence of cyber threats and the ability of threat actors to adapt in the wild, steal credentials and sidestep patches. Microsoft explained this week how it had discovered and attempted to harden ramparts in the face . . . Read more
Zero-day exploits — or 0days, in hacker-speak — allow attackers to quietly access a network or software. Due to their scarcity and the high stakes attached to high-value targets like Apple or banks, these bugs are often sold on the Dark Web for thousands of dollars. This cheat sheet is . . . Read more
New research on operational technology vulnerabilities by Armis found that 56% of engineering workstations have at least one unpatched critical severity. Image: Siphosethu Fanti/peopleimages.com/Adobe Stock As operational technology (OT) merges with IT, vulnerabilities in operational tech systems are a new threat, not least because these networks involve control frameworks for . . . Read more
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. iOS 15.6.1 and macOS Monterey 12.5.1 both patch the . . . Read more
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation . . . Read more
Mobile transactions could’ve been disabled, created and signed by attackers.
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.