Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari,

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks

,

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks

, ,
https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security,

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
« We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns, » the company said in its Release Notes for Firefox 115.0 released last week.
The company

,

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
« We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns, » the company said in its Release Notes for Firefox 115.0 released last week.
The company

, ,
https://thehackernews.com/2023/07/new-mozilla-feature-blocks-risky-add.html

New TOITOIN Banking Trojan Targeting Latin American Businesses

New TOITOIN Banking Trojan Targeting Latin American Businesses,

Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023.
« This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage, » Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.
« These modules

,

Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023.
« This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage, » Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.
« These modules

, ,
https://thehackernews.com/2023/07/new-toitoin-banking-trojan-targeting.html

Global Retailers Must Keep an Eye on Their SaaS Stack

Global Retailers Must Keep an Eye on Their SaaS Stack,

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Securing those applications is crucial to ongoing operations, chain management,

,

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Securing those applications is crucial to ongoing operations, chain management,

, ,
https://thehackernews.com/2023/07/global-retailers-must-keep-eye-on-their.html

RomCom RAT Targeting NATO and Ukraine Support Groups

RomCom RAT Targeting NATO and Ukraine Support Groups,

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

,

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

, ,
https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html

Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

,

Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut’s U.S. and European systems, causing funds

, ,
https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

,

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China.
Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,

, ,
https://thehackernews.com/2023/07/two-spyware-apps-on-google-play-with-15.html

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

,

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website’s reputation, affect search results

, ,
https://thehackernews.com/2023/07/improve-your-security-wordpress-spam.html

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

,

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as « Letscall. » This technique is currently targeting individuals in South Korea.
The criminals behind « Letscall » employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects

, ,
https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

,

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

, ,
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html