Apple attack, Conti hits Parker, iPhone vuln, and more.

Infosec Overnights - Daily Security News

Paul Torgersen द्वारा प्रदान की गई सामग्री. एपिसोड, ग्राफिक्स और पॉडकास्ट विवरण सहित सभी पॉडकास्ट सामग्री Paul Torgersen या उनके पॉडकास्ट प्लेटफ़ॉर्म पार्टनर द्वारा सीधे अपलोड और प्रदान की जाती है। यदि आपको लगता है कि कोई आपकी अनुमति के बिना आपके कॉपीराइट किए गए कार्य का उपयोग कर रहा है, तो आप यहां बताई गई प्रक्रिया का पालन कर सकते हैं https://hi.player.fm/legal।

2y ago 2:40

MP3•एपिसोड होम

संग्रहीत श्रृंखला ("निष्क्रिय फ़ीड" status)

When? This feed was archived on May 25, 2023 16:09 (11M ago). Last successful fetch was on July 29, 2022 18:35 (1+ y ago)

Why? निष्क्रिय फ़ीड status. हमारे सर्वर निरंतर अवधि के लिए एक वैध डिजिटल ऑडियो फ़ाइल फ़ीड पुनर्प्राप्त करने में असमर्थ थे।

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

A daily look at the relevant information security news from overnight.
Episode 238 - 17 May 2022
Apple attack - https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Conti hits Parker -
https://www.infosecurity-magazine.com/news/parker-conti-ransomware/
Tesla BLE - https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
Card skimming - https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
iPhone vulv- https://threatpost.com/iphones-attack-turned-off/179641/
Hi, I’m Paul Torgersen. It’s Tuesday May 17th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watches. The flaw is an out-of-bounds write issue in the AppleAVD, the kernel extension for audio and video decoding. Apple says it is likely this has already been exploited in the wild.
From Infosecurity-magazine.com:
US manufacturer Parker-Hannifin has announced a data breach exposing employees’ PII after being the target of a Conti ransomware attack. The company said that an unauthorized third party gained access to its IT systems between 11 and 14 of March this year. On the plus side, if you‘re information was involved, you just got two free years of identity theft monitoring.
From BleepingComputer.com:
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. What target devices, you ask? Teslas. Details in the article.
From ZDNet.com:
The FBI put out a warning that someone is scraping credit card data from the checkout pages of US businesses' websites. The bad actor is injecting malicious PHP Hypertext Preprocessor code into the business' online checkout page and sending the scraped data to a server that spoofed a legitimate card processing server. They also left a backdoor into the victims system.
And last today, from ThreatPost.com
Because of how Apple implements standalone wireless features such as Bluetooth, Near Field Communication and Ultra-wideband technologies, researchers have found that iPhones are vulnerable to malware loading attacks even when the device is turned off. The root cause of the issue is how iPhones implement low power mode for wireless chips. No comment yet from Apple, but there is a link to the research report in the article.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.

221 एपिसोडस

#Security #Software Development #Paul Torgersen #Security News #Tech #News #Tech News