LottieFiles hacked in supply chain attack to steal users’ crypto

October 31, 2024 at 04:10PM LottieFiles’ Lotti-Player project was compromised in a supply chain attack, injecting a crypto drainer into websites, potentially costing one victim $723,000 in Bitcoin. Affected versions were quickly replaced with a secure update. Users are advised to upgrade or be cautious of fraudulent wallet connection requests amid ongoing investigations into the … Read more

Recent Version of LightSpy iOS Malware Packs Destructive Capabilities

October 30, 2024 at 07:05AM A recent update of the LightSpy malware for iOS introduces more than a dozen new plugins, some featuring destructive capabilities. This development raises concerns about the malware’s potential impact on device security. **Meeting Takeaways:** 1. **Update on LightSpy Malware**: A newer version of the LightSpy malware specifically designed for iOS … Read more

US, Australia Release New Security Guide for Software Makers

October 25, 2024 at 08:46AM CISA, FBI, and ACSC have released guidance aimed at assisting software manufacturers in creating secure deployment processes. This new security guide aims to strengthen the safety and reliability of software applications. The information was shared in a report by SecurityWeek. **Meeting Takeaways:** 1. **Publication of Guidance**: CISA (Cybersecurity and Infrastructure … Read more

About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 – Apple Support

October 15, 2024 at 02:09PM An authentication vulnerability (CVE-2024-27867) in certain AirPods and Beats models allows attackers within Bluetooth range to spoof connections to headphones. A firmware update addressing this issue is available for AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro, effective June 25, 2024. ### Meeting … Read more

About the security content of tvOS 17.6 – Apple Support

October 15, 2024 at 01:51PM Apple released a security update for tvOS 17.6 on July 29, 2024, addressing several vulnerabilities (CVE-2024-40774, 40799, 40815, etc.) that could allow apps to bypass privacy settings, cause app terminations, reveal kernel memory layout, or enable cross-site scripting attacks. Update is available for Apple TV HD and 4K models. ### … Read more

AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks

May 21, 2024 at 08:06PM Top AI companies including Google, Meta, and OpenAI made voluntary safety commitments at the AI Seoul Summit, agreeing to pull the plug on their cutting-edge systems in extreme cases. World leaders also pledged to establish safety institutes and align their work on AI research. The meeting aims to address the … Read more

Introducing the NetBeacon Institute: Empowering a Safer Web

May 6, 2024 at 05:18PM The DNS Abuse Institute has transformed into the NetBeacon Institute, focusing on combating online technical abuse. It offers free innovative solutions, education, and collaboration opportunities to domain industry stakeholders. The flagship programs, NetBeacon MAP and NetBeacon Reporter, have been expanded to better measure and report on DNS Abuse. The Institute … Read more

IP address X-posure now a feature on Musk’s social media platform

March 5, 2024 at 11:27AM Audio and video calling features initially for X Premium users on Elon Musk’s Twitter are now available to all users, but concerns about IP exposure have emerged. Enabling the features could potentially expose users to trolls and make tracking easier. Enhanced call privacy is disabled by default, and users are … Read more

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

December 1, 2023 at 04:33PM Apple has released critical updates for iOS, iPadOS, macOS, and Safari to fix two serious security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) potentially exploited in targeted attacks. The flaws, identified by Google’s Clément Lecigne, affect a wide range of Apple devices and could allow data access and code execution. Concurrently, Google patched … Read more

About the security content of iOS 17.1.2 and iPadOS 17.1.2 – Apple Support

November 30, 2023 at 01:42PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that potentially leaked information and allowed code execution on older iOS versions. Updates for iPhones starting from XS and various iPad models are available to mitigate these issues. Reported exploitation exists against iOS versions before 16.7.1. Meeting Takeaways: 1. Apple has addressed … Read more