Apple announces a “major evolution” of the Apple Security Bounty program, doubling its top award to $2M for exploit chains that could be abused for spyware
$2M Top Payout
Usman Qureshi / iPhone in Canada : Apple Doubles Security Bounty Rewards to $2 Million
Bill Toulas / BleepingComputer : Apple now offers $2 million for zero-click RCE vulnerabilities
Ti...
Oracle urges customers to patch an E-Business Suite vulnerability that cybercriminals are exploiting; Google's Mandiant says the Clop hacking group exploited it
AWAITING ANALYSIS — This CVE record has been marked for NVD enrichment efforts.
CrowdStrike : CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracke...
US customers of Kaspersky antivirus find that UltraAV was installed remotely to replace Kaspersky on their PCs, after a Kaspersky deal with UltraAV owner Pango
switchover caught many users by surprise
Ernestas Naprys / Cybernews.com : Kaspersky users shocked by automatic antivirus replacement without explicit permission
Sofia Elizabella Wyciślik-Wilson / Bet...
Apple releases emergency security updates for iOS, iPadOS, macOS, and watchOS to patch three zero-day vulnerabilities, for a total of 16 zero-days fixed in 2023
Attacks Underway
Lance Whitney / ZDNet : Apple issues emergency security updates for iPhone, iPad, and Apple Watch
Kevin Poireault / Infosecurity : mWISE: Why Zero Days Are Set for Highest Year on Rec...
FireEye releases a free tool that audits networks to determine whether certain techniques, known to be employed by SolarWinds hackers, were used
Focusing on UNC2452 TTPs
Lily Hay Newman / Wired : The SolarWinds Hackers Used Tactics Other Groups Will Copy
Zeljka Zorz / Help Net Security : Malwarebytes was breached by the SolarWinds attackers
Al...
Microsoft: “Adrozek” malware campaign is distributing an ad-injecting browser modifier which changes security settings; Chrome, Firefox, Edge, Yandex at risk
what to do now
Luke Jones / WinBuzzer : Microsoft Edge, Chrome, and Firefox Being Hit By “Adrozek” Attacks
Usama Jawad / Neowin : Microsoft issues warning about malware campaign infecting Chrome, Edge...
Report: UN did not tell the public nor its general staff about a hacking attack into its IT systems from last July, despite staff records being compromised
and then tried to cover it up
Associated Press : Leaked report shows United Nations suffered hack
Lindsey O'Donnell / Threatpost : U.N. Hack Stemmed From Microsoft SharePoint Flaw
Igor Bonifacic / Eng...
iOS 12 officially launches out of beta, with faster performance, Screen Time, smarter notifications, Memoji, Siri Shortcuts, improved privacy in Safari, more
Want to roll your iPhone back to iOS 11?
Jason Cipriani / CNET : iOS 12: Getting to know Screen Time and stronger parental controls
Jonny Evans / Computerworld : 9+ iOS 12 security improvements you sh...
Spectre researcher Daniel Gruss says attacks work “super-reliably” on AMD CPUs, despite the company claiming “near zero risk” due to different architecture
Meltdown and Spectre Security Attacks Haunt Chip Industry
Zeljka Zorz / Help Net Security : Meltdown and Spectre: Data theft hardware bugs affect most modern CPUs
Robert Graham / Errata Security : Som...
FDA recalls around 465,000 St. Jude Medical pacemaker models in US, many implanted in patients, for firmware patching of vulnerabilities; OTA fix not an option
Abbott Laboratories' Accent/Anthem …
Kate Conger / Gizmodo : If Grandma Has a Pacemaker, Please Take Her in For a Firmware Update
Lisa Vaas / Naked Security : Pacemaker gets firmware update - go and s...