Recent Security News

  • TrickBot malware dev pleads guilty, faces 35 years in prison

    December 1, 2023 at 04:52PM A Russian developer pleaded guilty to creating Trickbot malware, which has targeted global institutions since 2016. Arrested in South Korea, Vladimir Dunaev faces up to 35 years in prison. Trickbot, first for banking credential theft, evolved and was used by cybercrime groups before being disrupted by leaks. Summary: – Russian…

    Read More

  • Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

    December 1, 2023 at 04:33PM Apple has released critical updates for iOS, iPadOS, macOS, and Safari to fix two serious security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) potentially exploited in targeted attacks. The flaws, identified by Google’s ClĂ©ment Lecigne, affect a wide range of Apple devices and could allow data access and code execution. Concurrently, Google patched…

    Read More

  • North Korea APT Slapped With Cyber Sanctions After Satellite Launch

    December 1, 2023 at 04:08PM The US Treasury sanctioned North Korean cyberespionage group Kimsuky, hindering DPRK’s WMD program by disrupting revenue and intelligence gathering. Kimsuky, active since 2013, remains resilient despite sanctions from the US and allies. Greater awareness and cybersecurity are needed to combat North Korea’s cyber threats. Meeting Takeaways: 1. The US Department…

    Read More

  • Critical ‘LogoFAIL’ Bugs Offer Secure Boot Bypass for Millions of PCs

    December 1, 2023 at 04:01PM “LogoFAIL” exposes critical vulnerabilities in the PC’s UEFI ecosystem, impacting most devices worldwide, including those from top manufacturers. The flaw affects image-parsing during boot-up, enabling attackers to bypass security like Secure Boot. Binarly Research found that compromised images in the boot process could allow persistent malicious control. Vendor patches are…

    Read More

  • UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

    December 1, 2023 at 03:15PM Security experts have found vulnerabilities in major firmware vendors’ UEFI systems, named “LogoFail,” which could allow attackers to deliver bootkits through unsecured BIOS image parsers, affecting many consumer and enterprise devices. This threat is undetectable by current security measures and impacts major IBVs and brands across x86 and ARM platforms.…

    Read More