Security News > 2023 > July

Apple re-releases zero-day patch after fixing browsing issue
2023-07-12 21:27

"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday. Today, Apple started pushing iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 Security Response updates that address the web browsing issues.

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
2023-07-12 20:57

We've given you important, interesting and informative detail about the ongoing saga of malicious kernel drivers, many of them signed and approved by Microsoft itself, that have finally been blocked by Windows. The second important item is the matter of ADV230001, Microsoft's advisory entitled Guidance on Microsoft signed drivers being used maliciously.

SonicWall warns admins to patch critical auth bypass bugs immediately
2023-07-12 20:08

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites."This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.

Russian state hackers lure Western diplomats with BMW car ads
2023-07-12 19:01

The Russian state-sponsored hacking group 'APT29' has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware. APT29 is linked to the Russian government's Foreign Intelligence Service and has been responsible for numerous cyberespionage campaigns targeting high-interest individuals across the globe.

New Windows 11 build ships with more Rust-based Kernel features
2023-07-12 18:37

Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language. Windows GDI is an API layer that sits between user-mode applications and Windows drivers, allowing applications to request graphic output functions and have them relayed to the driver through the kernel.

Microsoft whips up unrest after revealing Azure AD name change
2023-07-12 17:02

Service plan display names will change on October 1: Azure AD Free is to become Microsoft Entra ID Free, Azure AD Premium P1 or P2 will move to Microsoft Entra ID P1 or P2, and Azure AD External Identities will switch to Microsoft Entra External ID. Feature naming will also be overhauled. Azure AD Conditional Access, for example, will become Microsoft Entra Conditional Access, Azure AD MFA will change to Microsoft Entra MFA, and Azure AD single sign-on will move to Microsoft Entra single sign-on.

Critical RCE found in popular Ghostscript open-source PDF library
2023-07-12 16:46

Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw. The flaw is tracked as CVE-2023-3664, having a CVSS v3 rating of 9.8, and impacts all versions of Ghostscript before 10.01.2, which is the latest available version released three weeks ago.

Hiring Kit: Security Architect
2023-07-12 16:00

Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS. Depending on the size of the organization, the security architect position may take on different roles and responsibilities, but in general the position requires certified expertise, comprehensive training and extensive experience in IT security.

GitHub goes passwordless, announces passkeys beta preview
2023-07-12 15:00

GitHub announced today the introduction of passwordless authentication support in public beta, allowing users to upgrade from security keys to passkeys. To activate passkeys on your account, click your profile photo in the top-right corner of any GitHub page.

Google Is Using Its Vast Data Stores to Train AI
2023-07-12 14:50

Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. We use publicly available information to help train Google's AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.