Security News > 2022 > June

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "MacOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a reboot," the company said in a statement on Monday.

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool, even as the Follina flaw continues to be exploited in the wild. The issue - referenced as DogWalk - relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a specially crafted ".

Work smarter and safer from anywhere with Getflix VPN We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. If you travel for business, you should use a VPN to help you stay secure when you're using public Wi-Fi. But, you can't use a VPN that's going to slow down your browsing and throttle your traffic.

Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux' training course later this month. The course will prepare you for the Offensive Security Certified Professional certification exam, taught in person before the pandemic.

Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. While it is unknown how the campaign initially started, PIXM states victims arrived at phishing landing pages from a series of redirects originating from Facebook Messenger.

SSN is short for Social Security Number, which is effectively a US national ID number, and DOB translates into date of birth. Unfortunately knowing someone's SSN is a good starting point if you're an identity thief, because it can often be combined with other personal information to get past identity checks.

Several botnets are now using exploits targeting a critical remote code execution vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. After proof-of-concept exploits were published online, cybersecurity firm GreyNoise said it detected an almost ten-fold increase in active exploitation, from 23 IP addresses attempting to exploit it to more than 200.

Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes. Google VP of engineering for privacy, safety and security Royal Hansen penned Google's latest take on the bill, which he said undermines Google's ability to secure its platforms and protect users.

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info, the malware will send it to command-and-control servers different than the ones the Emotet card stealer module.

The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. Cuba has listed three victims in April and one in May on its Tor site.