If your organization uses servers that are equipped with baseboard management controllers from Supermicro, it’s time, once again, to patch seven high-severity vulnerabilities that attackers could exploit to gain control of them. And sorry, but the fixes must be installed manually.
Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday.
Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential candidate with sophisticated spyware developed by a commercial exploit seller, Google and researchers from Citizen Lab said Friday.
Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.
North Korea-backed hackers are once again targeting security researchers with a zero-day exploit and related malware in an attempt to infiltrate computers used to perform sensitive investigations involving cybersecurity.
Devices like the Flipper Zero can send out pre-programmed radio signals that can cause an iPhone to open a disruptive interface, effectively being attacked into temporary uselessness.
Apple products like the iPhone have various communication tools like Wi-Fi, Bluetooth, NFC, and Ultra Wideband to make pairing and using accessories easier. These tools are what make systems like AirDrop and fast AirPods pairing possible.
United Airlines said Tuesday that a software update triggered a glitch that forced it to halt departures nationwide, briefly crippling one of the nation’s biggest carriers on a busy travel day.
Federal officials said United crews had been unable to contact airline dispatchers through normal means. “A software update caused a widespread slowdown in United’s technology systems,” United UAL, -2.51% said in a statement. The airline said it was not a cybersecurity issue.
Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access.
An unknown advanced persistent threat group has been observed attacking organizations in Asia, particularly Hong Kong, using commercial software to deploy “backdoor” malware.
Dubbed “CarderBee” by researchers at Symantec, the hacking group uses Cobra DocGuard Client, a software package designed to allow users to access and manage their Consolidated Omnibus Budget Reconciliation Act documents to gain access to victim’s machines.
Ukrainian hackers claim to have broken into the email account of a senior Russian politician and exposed documents that allegedly prove his involvement in money laundering and sanction evasion schemes.
