Apple pushes out iOS security update that’s more tight-lipped than ever
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good…
Cyber News, Cyber Threat Trends
- December 2, 2022
Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid
At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Cyber News, Cyber Threat TrendsExistential Risk and the Fermi Paradox
We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but […]
Cyber News, Cyber Threat Trends
- December 2, 2022
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed “Hell’s Keychain” by cloud security firm Wiz, has been described as a “first-of-its-kind supply-chain attack vector impacting a
Cyber News, Cyber Threat Trends
- December 2, 2022
The Value of Old Systems
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive […]
Cyber News, Cyber Threat Trends
- December 2, 2022
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. “Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
Cyber News, Cyber Threat Trends
- December 2, 2022
Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. “A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image,” a report […]
Cyber News, Cyber Threat Trends‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity
First used as botnets, their lucrative nature turned them into independent criminal enterprises
Cyber News, Cyber Threat TrendsGoogle Increases Android Security With Memory-Safe Programming Languages
The number of memory safety vulnerabilities in Android dropped from 223 in 2019 to 85 in 2022
Cyber News, Cyber Threat Trends