Patch Tuesday: Internet Explorer Vulnerabilities Patched

Patch Tuesday: Internet Explorer Vulnerabilities Patched

A breach in the engine behind Internet Explorer and a vulnerability in the Remote Desktop Protocol Service top the list of about 117 patches deployed in Microsoft’s monthly update. Around the same time, Apple has released a fix for macOS 15 that restores functionality to some third-party security tools. Patch Tuesday is a useful reminder for admins to ensure applications and security services are up to date. Microsoft Management Console vulnerability exploited Despite previous reports…

Read More

Threat Actors Increasingly Target macOS

Threat Actors Increasingly Target macOS

Intel471’s new report reveals macOS is increasingly targeted by threat actors, who develop specific malware for the operating system or use cross-platform languages to achieve their goals on macOS computers. More macOS vulnerabilities are also being exploited in the wild. Malware and exploits might be used for both cybercrime and cyberespionage. More malware than ever on macOS Between January 2023 and July 2024, the researchers observed more than 40 threat actors targeting macOS systems with…

Read More

StormBamboo Compromises ISP to Spread Malware via Updates

StormBamboo Compromises ISP to Spread Malware via Updates

New research from cybersecurity company Volexity revealed details about a highly sophisticated attack deployed by a Chinese-speaking cyberespionage threat actor named StormBamboo. StormBamboo compromised an ISP to modify some DNS answers to queries from systems requesting legitimate software updates. Multiple software vendors were targeted. The altered responses led to malicious payloads served by StormBamboo in addition to the legitimate update files. The payloads targeted both macOS and Microsoft Windows operating systems. Who is StormBamboo? StormBamboo…

Read More

OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked

OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked

The online forum OpenAI employees use for confidential internal communications was breached last year, anonymous sources have told The New York Times. Hackers lifted details about the design of the company’s AI technologies from forum posts, but they did not infiltrate the systems where OpenAI actually houses and builds its AI. OpenAI executives announced the incident to the whole company during an all-hands meeting in April 2023, and also informed the board of directors. It…

Read More

Millions of Apple Applications Were Vulnerable to CocoaPods Attack

Millions of Apple Applications Were Vulnerable to CocoaPods Attack

Many macOS and iOS applications were open to a vulnerability in CocoaPods, an open-source dependency manager, E.V.A. Information Security revealed on July 1. The vulnerability has been patched since EVA first discovered it, and no attacks have occurred that are conclusively related to it. However, the case is interesting because the vulnerability stayed unnoticed for so long and highlighted how developers should be careful with open-source libraries. The vulnerability is a good reminder for developers…

Read More

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate. Action1 analysts used data from the National Vulnerability Database and CVEdetails.com to draw five insights into how the threat landscape changed…

Read More

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs. Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. The vulnerabilities were discovered by Google’s Threat Analysis group, which has been working on fixes for active Chrome vulnerabilities this week as well. Jump to: What are these Apple OS vulnerabilities?…

Read More

Apple Vulnerability Can Expose iOS and macOS Passwords, Safari Browsing History

Apple Vulnerability Can Expose iOS and macOS Passwords, Safari Browsing History

This Safari vulnerability has not been exploited in the wild. Apple offers a mitigation, but the fix needs to be enabled manually. Image: ink drop/Adobe Stock Security researchers from three universities have discovered a major vulnerability in Apple’s iOS and macOS, including the Safari browser. The vulnerability, which the researchers named iLeakage, enables threat actors to read Gmail messages, reveal passwords and uncover other personal information. The vulnerability affects macOS or iOS devices running on…

Read More