#mac

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice

Gentoo Linux Security Advisory 202312-3 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 102.12 are affected.

Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.

Ubuntu Security Notice 6560-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

Apple Security Advisory 12-19-2023-1 - macOS Sonoma 14.2.1 addresses a session tracking issue.

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

By Waqas With cybercriminals continuously evolving their strategies to target sensitive data with sophisticated attacks, data security has become a… This is a post from HackRead.com Read the original post: Biggest Data Security Threats for Businesses: Strategies to Strengthen Your Defense

By Waqas As you look ahead to 2024, the landscape of physical security is evolving rapidly, with new trends emerging… This is a post from HackRead.com Read the original post: 2024 Trends for Securing Your Business Premises: Essential Strategies and Technologies