Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw,

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
« Apple is aware of a report that this issue may

,

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
« Apple is aware of a report that this issue may

, ,
https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html

China Accuses NSA’s TAO Unit of Hacking its Military Research University

China Accuses NSA’s TAO Unit of Hacking its Military Research University

,

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022.
The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA’s

,

China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022.
The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA’s

, ,
https://thehackernews.com/2022/09/china-accuses-nsas-tao-unit-of-hacking.html

Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel,

A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a « Free Palestine » campaign.
Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were

,

A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a « Free Palestine » campaign.
Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were

, ,
https://thehackernews.com/2022/09/palestinian-hacktivist-group-ghostsec.html

Why Vulnerability Scanning is Critical for SOC 2

Why Vulnerability Scanning is Critical for SOC 2,

SOC 2 may be a voluntary standard, but for today’s security-conscious business, it’s a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box.
Security is critical for all organisations, including those that outsource key business operations to third parties like

,

SOC 2 may be a voluntary standard, but for today’s security-conscious business, it’s a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box.
Security is critical for all organisations, including those that outsource key business operations to third parties like

, ,
https://thehackernews.com/2022/09/why-vulnerability-scanning-is-critical.html

Meta veut combattre le vol de données en protégeant mieux les identifiants Facebook

Meta veut combattre le vol de données en protégeant mieux les identifiants Facebook,

,

Facebook scraping

Pour protéger la vie privée de ses utilisateurs, Meta va remplacer les identifiants Facebook dans les URL par des pseudonymes constitués à partir de l’identifiant d’origine et d’un horodatage.

L’article Meta veut combattre le vol de données en protégeant mieux les identifiants Facebook est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/meta-veut-combattre-le-vol-de-donnees-en-protegeant-mieux-les-identifiants-facebook.html

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices,

A number of firmware security flaws uncovered in HP’s business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure.
Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities « can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted

,

A number of firmware security flaws uncovered in HP’s business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure.
Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities « can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted

, ,
https://thehackernews.com/2022/09/high-severity-firmware-security-flaws.html

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents,

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015.
Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (

,

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015.
Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (

, ,
https://thehackernews.com/2022/09/iranian-apt42-launched-over-30.html

EvilProxy, le service tout-en-un qui permet aux pirates de casser votre authentification à double facteur

EvilProxy, le service tout-en-un qui permet aux pirates de casser votre authentification à double facteur,

,

Phishing

Plus besoin d’être un pirate de haut vol pour contourner l’authentification à double facteur des services en ligne. Dans le darkweb se multiplient les outils d’automatisation pour y arriver. Et ce n’est pas très cher.

L’article EvilProxy, le service tout-en-un qui permet aux pirates de casser votre authentification à double facteur est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/evilproxy-le-service-tout-en-un-qui-permet-aux-pirates-de-casser-votre-authentification-a-double-facteur.html

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania,

The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies.
« Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector

,

The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies.
« Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector

, ,
https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html

6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged

6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged,

Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you’re putting yourself and others at risk.
API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on

,

Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you’re putting yourself and others at risk.
API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on

, ,
https://thehackernews.com/2022/09/6-top-api-security-risks-favored.html