Security News > 2023 > June

Apple announced on Monday at WWDC 2023 its much anticipated Vision Pro augmented reality device, which CEO Tim Cook promised would be a revolutionary advance. During the keynote, Apple also announced iOS 17, macOS 14 Sonoma, iPadOS 17, new Apple Watch features and an array of hardware upgrades.

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. This outage follows two major outages yesterday, creating widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile Outlook app.

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission charges over Children's Online Privacy Protection Act violations. COPPA is a U.S. federal law designed to protect the privacy of children under the age of 13 on the internet by requiring parental consent, the ability to review and ask for the deletion of the child's personal information, the ability to refuse data collection, implement security protections for the collected information, and more when registering online accounts.

Stealer logs represent one of the primary threat vectors for modern companies. Threat actors who purchase stealer logs have the responsibility of distributing the malware to victims.

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. The new security patch level 2023-06-05 integrates a patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google's Threat Analysis Group believes it may have been used in a spyware campaign targeting Samsung phones.

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. The new security patch level 2023-06-05 integrates a patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google's Threat Analysis Group believes it may have been used in a spyware campaign targeting Samsung phones.

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. The Romanian cybersecurity company said it has discovered 60,000 unique apps carrying the adware, with a majority of the detections located in the U.S., South Korea, Brazil, Germany, the U.K., France, Kazakhstan, Romania, and Italy.

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. PowerDrop was discovered by Adlumin, who last month found a sample of the malware in the network of a defense contractor in the U.S. The firm reports that PowerDrop uses PowerShell and WMI to create a persistent RAT on the breached networks.

Verizon Business today released the results of its 16th annual Data Breach Investigations Report, which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware - malicious software that encrypts an organization's data and extorts large sums of money to restore access.

MOVEit is managed file transfer software from Progress, an application development and digital experience technologies provider. Aspx is the native file used by MOVEit Transfer for its web interface.