#ios

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Nok Nok, an inventor of FIDO authentication standards, announces full support for passkeys in its S3 Authentication Suite that allows organizations to replace passwords.

Debian Linux Security Advisory 5260-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

Categories: News Tags: week in security Tags: awis Tags: typosquatting Tags: cyberstalking Tags: Snapchat Tags: student loan relief scam Tags: Gas Tags: LAPSUS$ Tags: Microsoft Tags: Ducktail Tags: Venus Tags: ransomware Tags: BYOD Tags: SMB security tips Tags: Log4Text Tags: DeadBolt Tags: spot a scam Tags: FaceStealer Tags: fake tractor fraud Tags: ThermoSecure The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 17 - 23) appeared first on Malwarebytes Labs.

Software makers and customers will be able to query graph database for information about the security and provenance of components in applications and codebases.

At the Authenticate Conference, Google and Microsoft demonstrated their passkey prototypes. Apple, meanwhile, already launched its version in iOS 16.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m very excited about this video I’ve embedded below — it’s a project I’ve been working on with my team for a while now. Building off what I’ve written about in the past regarding fake news, this video examines what essentially equates to the propaganda being spread on social media during Russia’s invasion of Ukraine.  This includes everything from fake videos of soldiers dancing to Ukrainian laser cats and fairly convincing deepfake videos.  The Russia cybersecurity news doesn’t end there, either. State-sponsored actors have been busy over the past month, including the Killnet group, which recently targeted several U.S. local elections offices and major airports. So far, these cyber attacks don’t seem to have had any major effects or disruptions so far, but I just think it’s worth noting that these groups are just as active as ever, which is what the U.S. government has been warning us about sin...