Apple recently released a slew of updates for iOS, iPadOS, macOS, watchOS, and the Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation, which has been active since 2019. The exact threat actor behind the activity is not known. (The Hacker News)
"A rise in Apple and Mobile vulnerabilities has been observed as of late, with spyware such as Pegasus serving as a prime example. Zero-click vulnerabilities pose a significant risk due to their ability to execute without user interaction. After discovering the vulnerability and crafting the exploit, a threat actor’s sole requirement is gaining possession of the victim’s phone number or email address that is associated with the vulnerable application. This makes it even more critical that we are mindful of security patches for mobile devices as soon as they are available.”
– Craig Flynn, SOC Analyst Lead at Ingalls Information Security
Honeypot data aggregated over a six-month period showed that more than 50% of the attacks focused on defense evasion. (Help Net Security)
Insight into how the human mind works can help combat the evils of social engineering, boosting the fight against phishing and other mind-manipulation techniques. (CSO)
As 40% of consumers harbor skepticism regarding organizations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First.
Furthermore, consumers request increased data protection from vendors, with 55% favoring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies. (Help Net Security)