Categories: Personal Tags: apple Tags: wanderlust Tags: cryptocurrency Tags: event Tags: BTC Tags: ETH Tags: fake We take a look at a cryptocurrency scam riding on the coat tails of the Apple Wonderlust event. |
The post iPhone 15 launch: Wonderlust scammers rear their heads appeared first on Malwarebytes Labs.
Read moreCategories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft’s September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited. |
The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. |
The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Tue, 12 Sep 2023 22:36:01 +0000
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.
Read more
Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.
Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”
Categories: Threat Intelligence Tags: amos Tags: apple Tags: malvertising Tags: atomic stealer Tags: wallets Tags: crypto Tags: mac While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well. |
The post Mac users targeted in new malvertising campaign delivering Atomic Stealer appeared first on Malwarebytes Labs.
Read more
Apple deployments are accelerating across the global enterprise, so it’s surprising that many organizations don’t properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It’s quite shocking.
That’s the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don’t have a formal Bring-Your-Own-Device (BYOD) policy in place. That’s bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.
It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.
This incredibly damaging limitation is just one of the many bad ideas buried in the UKs latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world, you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.
Apple is continuing its expansion of Managed Apple IDs for business customers, giving them increased access to iCloud services and Apple Continuity features. Companies get iCloud backup and new syncing options (particularly for passwords, passkeys, and other enterprise credentials) — along with access to business-friendly Continuity features such as Universal Control.
But they could also lead to increased data sprawl and siloing. Ironically, those issues are typically related to shadow IT, even though they’re enterprise features. Let’s look at what’s going on and how enterprises can take advantage of these features and services without running into trouble.
Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today’s threat environment.
In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.
This is by no means a straightforward attack and hasn’t been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims.