Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world.
Tracked as CVE-2021-30860, the vulnerability needs little to no interaction by an iPhone user to be exploited—hence the name "FORCEDENTRY."
The September 2021 edition of Patch Tuesday brings us 64 fixes, 3 of which are rated as critical with one actively exploited. We've listed the most important changes below.
Today's Kaseya VSA ransomware attack is the largest in history. More details have been revealed about the Russia-linked gang's attack on the company that was the conduit.
Kaseya VSA Users Under Ransomware Attack. Kaseya is urging MSPs to shut down on-premises VSA servers immediately.
The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.
UPDATE
A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on Tuesday – and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform.
A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.
The group of hackers who stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard has learned.
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information.
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today.
Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month.
As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful.
These include phishing emails to harvest credentials and gain easy access to business-critical environments.
An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate.
It's the second tuesday of the month: time for the Microsoft Patch Tuesday, June 2021 edition. This month, it contains 52 fixes for several security flaws for Windows and other products. We have discussed the most critical ones and made a list of all the other vulnerabilities.
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed.
Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has been acknowledged, it's yet to be addressed.
Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time.
The world’s largest meat distributor shut down some operations in both the United States and Australia over the Memorial Day weekend after a cyberattack on its IT systems that could have a significant effect on the food supply chain if not resolved quickly.
Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out.
These days, it seems whenever technology is mentioned in the media, there is a new buzzword to boot.
Navigating them can become a nightmare, and you’d be forgiven for not being able to tell your VR from your AI and your IoT.
We have decided to gather the super-futuristic tech lingo in one place and lay it out in layman’s terms.
Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities.
Threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems.
Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations.
The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities.
By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/
Tag Cloud
Mobile? Grab this Article
