iPhone 15 launch: Wonderlust scammers rear their heads

Categories: Personal

Tags: apple

Tags: wanderlust

Tags: cryptocurrency

Tags: event

Tags: BTC

Tags: ETH

Tags: fake

We take a look at a cryptocurrency scam riding on the coat tails of the Apple Wonderlust event.

(Read more…)

The post iPhone 15 launch: Wonderlust scammers rear their heads appeared first on Malwarebytes Labs.

Read more

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Adobe

Tags: Android

Tags: Apple

Tags: Chrome

Tags: SAP

Tags: Exchange

Tags: Visual Studio

Tags: CVE-2023-36761

Tags: CVE-2023-36802

Tags: CVE-2023-29332

Tags: Azure

Microsoft’s September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited.

(Read more…)

The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.

Read more

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: Blastpass

Tags: citizenlab

Tags: pegasus

Tags: nso

Tags: cisa

Tags: apple

Tags: cve-2023-41064

Tags: cve-2023-41061

Tags: buffer overflow

CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities.

(Read more…)

The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Credit to Author: BrianKrebs| Date: Tue, 12 Sep 2023 22:36:01 +0000

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Read more

Message to IT: Update all your Apple devices right away

Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

To read this article in full, please click here

Read more

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Categories: Threat Intelligence

Tags: amos

Tags: apple

Tags: malvertising

Tags: atomic stealer

Tags: wallets

Tags: crypto

Tags: mac

While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well.

(Read more…)

The post Mac users targeted in new malvertising campaign delivering Atomic Stealer appeared first on Malwarebytes Labs.

Read more

With BYOD comes responsibility — and many firms aren't delivering

Apple deployments are accelerating across the global enterprise, so it’s surprising that many organizations don’t properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It’s quite shocking.

That’s the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don’t have a formal Bring-Your-Own-Device (BYOD) policy in place. That’s bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.

To read this article in full, please click here

Read more

New law could turn UK into a hacker's playground

It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.

A poor law

This incredibly damaging limitation is just one of the many bad ideas buried in the UKs latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world, you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.

To read this article in full, please click here

Read more

Managed Apple IDs, iCloud, and the shadow IT connection

Apple is continuing its expansion of Managed Apple IDs for business customers, giving them increased access to iCloud services and Apple Continuity features. Companies get iCloud backup and new syncing options (particularly for passwords, passkeys, and other enterprise credentials) — along with access to business-friendly Continuity features such as Universal Control.

But they could also lead to increased data sprawl and siloing. Ironically, those issues are typically related to shadow IT, even though they’re enterprise features. Let’s look at what’s going on and how enterprises can take advantage of these features and services without running into trouble.

To read this article in full, please click here

Read more

Jamf Threat Labs subverts iPhone security with fake Airplane Mode

Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today’s threat environment.

When Airplane mode isn’t Airplane mode

In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.

This is by no means a straightforward attack and hasn’t been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims. 

To read this article in full, please click here

Read more