Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. (The Hacker News)
“Payoff can be quick when cryptocurrency is the prize, however, it’s possible that any stolen cryptocurrency can be traced. Headlines like these will drive further criminal interest in cryptocurrency system vulnerabilities. Vendors and service providers should leverage the latest in software and device hardening in order to minimize the likelihood of these outcomes.”
– Jason Ingalls, Founder & CEO at Ingalls Information Security
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models.
The issue tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution.
It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. (The Hacker News)
Some of Twitter's proprietary source code had been publicly available on Github for nearly three months, according to information gleaned from a DMCA Takedown request filed on March 24. (Dark Reading)
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products.
Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices. (BleepingComputer)
Over the last several years, endpoints have played a crucial role in cyberattacks. While there are several steps organizations can take to help mitigate endpoint threats – such as knowing what devices are on a network (both on-premises and off-site), quarantining new or returning devices, scanning for threats and vulnerabilities, immediately applying critical patches, etc. – there is still much to be done to ensure endpoint security. (Help Net Security)