Security News > 2023 > July

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.

IT teams need help to monitor and enforce BYOD policies during summer months when more employees often travel or work remotely. In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks.

It is important not to underestimate the potentially devastating impact of DDoS attacks. Throughout this Help Net Security video round-up, experts emphasize the need for a collective effort in the fight against DDoS attacks.

Investment in connected device security has accelerated as upcoming legislation affecting the sector becomes more prominent, according to PSA Certified. The annual barometer of industry perceptions and intentions around connected device security surveyed 1,240 technology decision makers worldwide, and found that 75% of businesses report that security has become a bigger business priority in the last 12 months, and they are spending on average 15.3% more in security-related areas in 2023 compared to 2022.

Microsoft is finally rolling out a driver update to address a known issue causing built-in cameras on ARM-based Windows devices to stop working. Before releasing the updated driver to fix the broken Surface laptop cameras, Microsoft also provided a temporary workaround that can still be used until the update rolls out to all impacted systems.

The bad news here is that, because reading from DRAM forces the hardware to write the data back to the same memory cells right away, you only need read access to a particular bunch of memory cells in order to trigger low-level electronic rewrites of those cells. Simply put, merely by reading from the same block of DRAM memory over and over in a tight loop, you automatically cause it to be rewritten at the same rate, thus greatly increasing the chance that you'll deliberately, if largely unpredictably, induce one or more "bit flips" in nearby memory cells.

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania. BlackBerry's research and intelligence team recently discovered two malicious documents that impersonated the Ukrainian World Congress organization and topics related to the NATO Summit to lure selected targets.

VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments. Recently, VMware issued another alert about a now-patched critical bug in VMware Aria Operations for Networks, which allows remote command execution as the root user and is being actively exploited in attacks.

In collaboration with Microsoft, Amazon has announced the general availability of its AppStore on Windows 11 for all developers. This means more apps and games are coming to Windows 11 as Amazon developers can now easily access the AppStore for Windows and bring their Amazon Store apps to Microsoft's platform.

Microsoft warned customers today that multiple editions of Windows 11, version 21H2, will reach end of service in three months, on October 10, 2023. Windows 11 22H2 has been in widespread availability for Windows devices meeting the eligibility criteria since October.