Category: Uncategorized
-
Apple Suddenly Drops NSO Group Spyware Lawsuit Ryan Naraine
Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case. The post Apple Suddenly Drops NSO Group Spyware Lawsuit appeared first on SecurityWeek. Read More
-
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel Ryan Naraine
Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. The post Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel appeared first on SecurityWeek. Read More
-
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers [email protected] (The Hacker News)
Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can infer eye-related biometrics from the avatar image…
-
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London [email protected] (The Hacker News)
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). “The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said. The…
-
In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit SecurityWeek News
Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass. The post In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit appeared first on SecurityWeek. Read More
-
Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks Eduard Kovacs
Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys. The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek. Read More
-
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft [email protected] (The Hacker News)
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they…
-
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud [email protected] (The Hacker News)
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials. “The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers Michele Roviello and Alessandro Strino said. “In addition,Read…
-
New ‘Hadooken’ Linux Malware Targets WebLogic Servers Ionut Arghire
The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families. The post New ‘Hadooken’ Linux Malware Targets WebLogic Servers appeared first on SecurityWeek. Read More
-
House Report Shows Chinese Cranes a Security Risk to US Ports Ionut Arghire
A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports. The post House Report Shows Chinese Cranes a Security Risk to US Ports appeared first on SecurityWeek. Read More