Cybersecurity

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

Jan 17, 2024NewsroomSpyware / Forensic Analysis Cybersecurity researchers have identified a “lightweight method” called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in […]

Cybersecurity

Cyber tops business risk for enterprises worldwide, report finds

Dive Brief: A cyber event — such as ransomware, data breaches and IT disruptions – has become the top concern for U.S. businesses, replacing business interruption, according to the annual Allianz Risk Barometer, released Tuesday.  Cyber events are a leading global concern of businesses for the third-consecutive year, Allianz found. Business interruption and natural catastrophes […]

Cybersecurity

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Jan 17, 2024NewsroomBrowser Security / Vulnerability Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. “By […]

Cybersecurity

Atlassian fixed critical RCE in older Confluence versions – Security Affairs

Atlassian fixed critical RCE in older Confluence versions Pierluigi Paganini January 16, 2024 Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability, tracked as CVE-2023-22527 (CVSS score 10.0), in Confluence Data Center and Confluence Server […]

Cybersecurity

Ivanti spots ‘sharp increase’ in targeting of VPN as analysts find 1,700 devices exploited

Ivanti said it is seeing a spike in hackers targeting two recently disclosed vulnerabilities in its Connect Secure VPN product, as cybersecurity researchers also sized up the extent of the damage. Since issuing an advisory last week, “we have seen a sharp increase in threat actor activity and security researcher scans” concerning the bugs, an […]

Cybersecurity

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

Jan 17, 2024NewsroomVulnerability / Software Security GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the […]

Cybersecurity

Windows SmartScreen Bug Abused to Deploy Phemedrone Stealer | Cyware Hacker News

Trend Micro discovered a new attack campaign exploiting the now-patched security bypass bug (CVE-2023-36035) in Windows SmartScreen to spread a new strain of the Phemedrone Stealer. The malware targets cryptocurrency wallets and messaging apps, including Telegram, Steam, and Discord.  Diving into details The Phemedrone Stealer infection begins with the attacker placing a set of malicious […]