Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild.
The shortcomings have been fixed as part...
Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks
CISA urges organizations using affected technologies to implement recommended mitigation measures....
Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks....
Ransomware: Should Companies Ever Pay Up?
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?...
Companies Going to Greater Lengths to Hire Cybersecurity Staff
The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break some hiring rules....
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a...
Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The...
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account.
According to cybersecurity firm Praetorian,...
Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds
Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that allow malicious actors to execute arbitrary code and access camera feeds, as well as gain unauthorized read access to the SD...
New Python-based Ransomware Targeting JupyterLab Web Notebooks
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via...