Recent Security News
-
Cactus ransomware exploiting Qlik Sense flaws to breach networks
November 30, 2023 at 02:06PM Cactus ransomware targets Qlik Sense analytics platform vulnerabilities for network access, exploiting unpatched systems to gain control, download tools, and deploy ransomware. Updates have been released to address critical flaws; users are advised to install designated patches. Arctic Wolf reports Cactus uses advanced techniques for persistence, lateral movement, and data…
-
About the security content of Safari 17.1.2 – Apple Support
November 30, 2023 at 01:54PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) affecting pre-iOS 16.7.1 devices. Improved validation fixes an out-of-bounds read and improved locking resolves a memory corruption issue. Updates are available for macOS Monterey and Ventura. Potential exploitation of both issues has been reported. Takeaways from the meeting: 1. An Apple advisory…
-
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks
November 30, 2023 at 01:46PM Over a decade after the Stuxnet attack, PLCs remain vulnerable due to users not implementing security controls or firmware updates. Researchers bypassed Siemens’ protocol obfuscation, exposing risks in legacy systems. Siemens advises upgrading to newer firmware with TLS and applying stronger security protocols. Meeting Takeaways: 1. Vulnerability to Stuxnet: –…
-
About the security content of iOS 17.1.2 and iPadOS 17.1.2 – Apple Support
November 30, 2023 at 01:42PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that potentially leaked information and allowed code execution on older iOS versions. Updates for iPhones starting from XS and various iPad models are available to mitigate these issues. Reported exploitation exists against iOS versions before 16.7.1. Meeting Takeaways: 1. Apple has addressed…
-
About the security content of macOS Sonoma 14.1.2 – Apple Support
November 30, 2023 at 01:42PM Apple fixed two WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) affecting macOS Sonoma that could disclose sensitive info or execute arbitrary code; possibly exploited in iOS pre-16.7.1. Release on 2023-11-30, addressed via improved input validation and locking. Meeting Takeaways: 1. A recent Apple security document with ID HT214032 was discussed. 2. Two vulnerabilities…