Recent Security News
-
Apple fixes two new iOS zero-days exploited in attacks on iPhones
March 5, 2024 at 04:36PM Apple issued emergency security updates to address two iOS zero-day vulnerabilities that allowed for attacks on iPhones, with potential exploitation acknowledged. The bugs in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296) enabled attackers to bypass kernel memory protections. The company updated affected devices and advised immediate installation of the updates.…
-
Apple Blunts Zero-Day Attacks With iOS 17.4 Update
March 5, 2024 at 04:00PM Apple released urgent iOS updates, including iOS 17.4 and iPadOS 17.4, to address multiple security flaws and potential zero-day exploits in the wild. The vulnerabilities, including kernel and RTKit issues, could bypass memory protections. Additionally, the company patched privacy flaws and warned of more fixes to come. Exploited iOS versions…
-
US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials
March 5, 2024 at 04:00PM The Treasury Department sanctioned a Greece-based spyware company, Intellexa Consortium, and its associated entities for developing and distributing spyware tools known as Predator targeting U.S. government officials and journalists. The sanctions mark the first time for misusing spyware, and the Commerce Department had previously blacklisted these entities. The spyware allows…
-
North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware
March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly.…