Cybersecurity

⚒️ FIXED IN iOS and iPadOS 18.3 ⚒️

• 5 bugs in AirPlay
• 3 bugs in CoreAudio
• 3 bugs in CoreMedia
• 3 bugs in WebKit
  and 15 other vulnerabilities fixed
  https://support.apple.com/en-us/122066

#apple #cybersecurity #infosec #security #ios

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Sequoia 15.3 - 61 bugs fixed
https://support.apple.com/en-us/122068
💻 macOS Sonoma 14.7.3 - 41 bugs fixed
https://support.apple.com/en-us/122069
💻 macOS Ventura 13.7.3 - 31 bugs fixed
https://support.apple.com/en-us/122070
📱 iOS and iPadOS 18.3 - 29 bugs fixed
https://support.apple.com/en-us/122066
⌚ watchOS 11.3 - 18 bugs fixed
https://support.apple.com/en-us/122071
📺 tvOS 18.3 - 18 bugs fixed
https://support.apple.com/en-us/122072
📱 iPadOS 17.7.4 - 17 bugs fixed
https://support.apple.com/en-us/122067
🌐 Safari 18.3 - 7 bugs fixed
https://support.apple.com/en-us/122074

#apple #cybersecurity #infosec #security #ios

190 million people in America were affected by last year’s ransomware attack on UnitedHealth — nearly double previous estimates. @Techcrunch has more:

https://flip.it/orIBk-

#Tech #UnitedHealthCare #Technology #Ransonware #CyberSecurity

🔄 1 ENTRY CHANGE 🔄

📱 iOS and iPadOS 18 - 1 updated
https://support.apple.com/en-us/121250

#apple #cybersecurity #infosec #security #ios

"A pseudonymous coder has created and released an open source “tar pit” to indefinitely trap AI training web crawlers in an infinitely, randomly-generating series of pages to waste their time and computing power. The program, called Nepenthes after the genus of carnivorous pitcher plants which trap and consume their prey, can be deployed by webpage owners to protect their own content from being scraped or can be deployed “offensively” as a honeypot trap to waste AI companies’ resources.

“It's less like flypaper and more an infinite maze holding a minotaur, except the crawler is the minotaur that cannot get out. The typical web crawler doesn't appear to have a lot of logic. It downloads a URL, and if it sees links to other URLs, it downloads those too. Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself,” Aaron B, the creator of Nepenthes, told 404 Media.

“Of course, these crawlers are massively scaled, and are downloading links from large swathes of the internet at any given time,” they added. “But they are still consuming resources, spinning around doing nothing helpful, unless they find a way to detect that they are stuck in this loop.”"

https://www.404media.co/developer-creates-infinite-maze-to-trap-ai-crawlers-in/

#AI #GenerativeAI #AITraining #WebCrawling #CyberSecurity

"Parents, students, teachers, and administrators throughout North America are smarting from what could be the biggest data breach of 2025: an intrusion into the network of a cloud-based service storing detailed data of millions of pupils and school personnel.

The hack, which came to light earlier this month, hit PowerSchool, a Folsom, California, firm that provides cloud-based software to some 16,000 K–12 schools worldwide. The schools serve 60 million students and employ an unknown number of teachers. Besides providing software for administration, grades, and other functions, PowerSchool stores personal data for students and teachers, with much of that data including Social Security numbers, medical information, and home addresses."

https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/

#USA #CyberSecurity #DataBreaches #Schools #CloudComputing

Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed where all communication appears to be coming from "google".

ref. https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

#infosec #cybersecurity

Check out the program for the Software Heritage Symposium 2025, featuring panels on #CyberSecurity, #AI transparency, #openscience, and more. Join us in Paris or online: https://www.softwareheritage.org/2024/11/19/software-heritage-2025-symposium-summit/

SonicWall alerts users about a critical 9.8 out of 10 vulnerability affecting its widely used unified, secure access gateways from the SMA 1000 series.

#Network #cybersecurity #DataSecurity #vulnerability

https://cnews.link/sonicwall-warns-about-critical-vulnerability-1/

How ready is the open source community for cybersecurity regulations? 🛡️

Take our Cyber Resiliency Survey to share your insights on the Cyber Resilience Act and ways to support contributors in meeting security standards.

📋 Take the survey now: https://www.research.net/r/MR35RMF
#CyberResilience #OpenSource #CyberSecurity

"This decision sheds light on the government’s liberal use of what is essential a “finders keepers” rule regarding your communication data. As a legal authority, FISA Section 702 allows the intelligence community to collect a massive amount of communications data from overseas in the name of “national security.” But, in cases where one side of that conversation is a person on US soil, that data is still collected and retained in large databases searchable by federal law enforcement. Because the US-side of these communications is already collected and just sitting there, the government has claimed that law enforcement agencies do not need a warrant to sift through them. EFF argued for over a decade that this is unconstitutional, and now a federal court agrees with us."

https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional

#USA #Surveillance #PoliceState #Section702 #Backdoors #CyberSecurity #Privacy

▪️ @[email protected] research ▪️ Entire Georgian country population exposed in a massive data leak.

#cybersecurity #datasecurity #dataprivacy #database #Georgia

https://cnews.link/entire-georgian-country-population-exposed-3/

International AIDS Vaccine Initiative (IAVI), a global non-profit working to develop vaccines for AIDS and HIV, had people’s sensitive details stolen.

#cybersecurity #vaccines #AIDS #HIV #DataSecurity #infosec

https://cnews.link/aids-vaccine-non-profit-hacker-attack-1/

A nuclear war would dominate news and social media until the end. Cyber warfare, though less visible, is already underway, experts say.

#cybersecurity #nuclear #news #cybercrime #infosec

https://cnews.link/wef-cyber-frontlines-war-cybersecurity-cloudflare-1/

Nearly 50,000 vulnerable Fortinet devices are still accessible online despite the rushed patch addressing a widely exploited zero-day.

#cybersecurity #vulnerability #Fortinet #Security

https://cnews.link/nearly-50k-fortinet-devices-left-unpatched-widely-exploited-1/

Fewer than 10% of companies paying a ransom recover all their data, a Hiscox survey reveals.

#cybersecurity #data #ransom #cybercrime #cyberattack

https://cnews.link/ransomware-attacks-increase-data-recovery-survey-1/

American Standard is allegedly breached by RansomHub⤵️
#ransomware #cybersecurity #infosec

https://cnews.link/american-standard-ransomware-attacked-ransomhub/

Davos leaders outlined bold plans to address cyber threats, from AI risks to geopolitical tensions, stressing digital resilience.

#AI #risks #Technology #cybersecurity #cyberthreats

https://cnews.link/world-economic-forum-cyber-complexity-1/

Cloudflare saw the number of distributed DDoS attacks surge by 53% in 2024. One record-breaking DDoS attack peaked at 5.6 Tbps.

#DDoS #cyberattack #cybersecurity #cybercrime #server

https://cnews.link/largest-ddos-attacks-torture-servers-with-5tbps-1/

Rostelecom, a major Russian telecommunications provider, says it’s investigating a cyberattack on one of its contractors.

#Russia #telecommunications #cyberattack #cybersecurity #Hacked

https://cnews.link/rostelecom-russia-telecom-data-leak-1/

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."

The vulnerability was leaked by #ASUS in their beta BIOS changelog:

https://web.archive.org/web/20250106151231/https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/

ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.

#infosec #cybersecurity

🧪 NEW BETA RELEASES 🧪

📱 iOS 18.3 RC (22D60)
📱 iPadOS 17.7.4 RC (21H414)
📱 iPadOS 18.3 RC (22D60)
💻 macOS 15.3 RC (24D60)
📺 tvOS 18.3 RC (22K557)
🥽 visionOS 2.3 RC (22N896)
⌚ watchOS 11.3 RC (22S553)

#apple #cybersecurity #infosec #security #ios

The Medusa ransomware group has claimed an attack on Gateshead Council in North East England.

Learn what you need to know about the Medusa ransomware, in my article on the Tripwire blog:

https://www.tripwire.com/state-of-security/medusa-ransomware-what-you-need-know

#ransomware #cybersecurity

Researchers found two Office 365 campaigns stealing data and deploying ransomware, linked to Russian cybercriminals.

#Microsoft #teams #CyberSecurity #ransomware #cybercrime #Russian

https://cnews.link/russian-hackers-ransomware-microsoft-teams-sophos-3/

A new ransomware variant has appeared on various underground forums.

#ransomware #CyberSecurity #Hacking #cybercrime

https://cnews.link/dangerous-new-nnice-ransomware-laughs-at-victims-1/