#apple

Categories: News Tags: stalkerware Tags: tracking Tags: intimate partner tracking Tags: spying Tags: stalkerware-type Tags: stalkerware-type app Tags: monitoring app Tags: monitoring Tags: Everyone's afraid of the internet Tags: privacy Tags: parenthood North America has a spying problem. Its perpetrators are everyday people. (Read more...) The post Stalkerware activity drops as glaring spying problem is revealed appeared first on Malwarebytes Labs.

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.

ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exist within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available.

An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.

Webedition CMS version 2.9.8.8 suffers from a blind server-side request forgery vulnerability.

WordPress Sonaar Music plugin version 4.7 suffers from a persistent cross site scripting vulnerability.

Coppermine Gallery version 1.6.25 remote code execution exploit.

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.”