Apple recently released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation which has been active since 2019. The exact threat actor behind the activity is not known. (The Hacker News)
| "A rise in Apple and Mobile vulnerabilities has been observed as of late, with spyware such as Pegasus serving as a prime example. Zero-click vulnerabilities pose a significant risk due to their ability to execute without user interaction. After discovering the vulnerability and crafting the exploit, a threat actor’s sole requirement is gaining possession of the victim’s phone number or email address that is associated with the vulnerable application. This makes it even more critical that we are mindful of security patches for mobile devices as soon as they are available.” – Craig Flynn, SOC Analyst Lead at Ingalls Information Security |
Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion. (Help Net Security)
Mozilla Foundation has released Firefox 115 to its stable channel. The update addresses several high-level vulnerabilities. One of them, CVE-2023-37201, involved a use-after-free issue in WebRTC certificate generation. “An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS,” Mozilla wrote. Another CVE-2023-37202 is a use-after-free vulnerability resulting from a compartment mismatch in SpiderMonkey (the JavaScript engine used by Firefox). (Infosecurity Magazine)
Insight into how the human mind works can help combat the evils of social engineering, boosting the fight against phishing and other mind-manipulation techniques. (CSO)
As 40% of consumers harbor skepticism regarding organizations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First.
Furthermore, consumers request increased data protection from vendors, with 55% favoring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies. (Help Net Security)