Apple announces a “major evolution” of the Apple Security Bounty program, doubling its top award to $2M for exploit chains that could be abused for spyware
$2M Top Payout Usman Qureshi / iPhone in Canada : Apple Doubles Security Bounty Rewards to $2 Million Bill Toulas / BleepingComputer : Apple now offers $2 million for zero-click RCE vulnerabilities Ti...
Microsoft's new version of Recall appears to still capture sensitive data like credit card numbers, even with the default “sensitive information” filter enabled
it's now possible to try the controversial Copilot feature Christian Guyton / TechRadar : Microsoft Recall offers a ‘sensitive information filter’ to avoid saving your credit card details - but whoops...
Google releases patches for 46 Android security vulnerabilities, including a kernel zero-day the company says “may be under limited, targeted exploitation”
August 2024 Dwaipayan Roy / NewsBytes : Google fixes zero-day vulnerability in Android kernel Zak Doffman / Forbes : Samsung Issues Critical Update For Millions Of Galaxy Users—Google Confirms New Att...
Amazon, Google, and Cloudflare say a DDoS attack hit 398M RPS in August 2023, ~8x larger than the prior record, due to a new flaw; Google mitigated the attack
Assigner: Mitre Published: 2023-10-10 Updated: 2023-10-11 The HTTP/2 protocol allows … Bill Toulas / BleepingComputer : New ‘HTTP/2 Rapid Reset’ zero-day attack breaks DDoS records Lucas Pardue / The C...
Apple releases emergency security updates for iOS, iPadOS, macOS, and watchOS to patch three zero-day vulnerabilities, for a total of 16 zero-days fixed in 2023
Attacks Underway Lance Whitney / ZDNet : Apple issues emergency security updates for iPhone, iPad, and Apple Watch Kevin Poireault / Infosecurity : mWISE: Why Zero Days Are Set for Highest Year on Rec...
Citizen Lab and Microsoft detail mercenary spyware from Tel Aviv-based QuaDream used to hack iOS 14-based iPhones of journalists, politicians, and an NGO worker
why didn't Apple warn us? Wall Street Journal : New Spyware Firm Said to Have Helped Hack iPhones Around the Globe Phil Muncaster / Infosecurity : New Zero-Click iOS Exploit Deploys Israeli Spyware Ed...
Acer confirms that one of its document servers was breached, after a hacker listed for sale 160GB of alleged slides, staff manuals, binary files, and more
Eduard Kovacs / SecurityWeek :
The US, France, Italy, and others warn about a ransomware attack on VMware ESXi servers, despite a February 2021 patch; Censys: 3,200+ servers have been hacked
Description OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551 … Edward Hawkins / VMware Security Blog : VMware Security Response Center (vSRC) Response to ‘ESXiArgs’ Ransomware Attacks Elvira Pol...
Uber takes some internal systems offline to investigate a network breach; Yuga Labs' Sam Curry says it appears the hacker pretty much has “full access to Uber”
what you need to know Msmash / Slashdot : Uber Investigating Breach of Its Computer Systems Prajeet Nair / BankInfoSecurity.com : Uber Probes Breach After Hacker Boasts About Intrusion Michael Hill / ...
CISA Director Jen Easterly says the Log4j flaw likely affects hundreds of millions of devices and may be the most serious bug she has seen in her career
A vulnerability in a widely used Apache library … Ncsc-Nl / GitHub : Log4j overview related software Kyle Alspach / VentureBeat : Log4j exploits attempted on 44% of corporate networks; ransomware payl...