Security News > 2023 > September
Exacerbating the challenge of managing devices is the fast-evolving threat landscape that organizations are facing, with 41% of respondents concerned about the growing number of vulnerabilities in Apple operating systems and the volume of patches that must be applied across both devices and applications. Michael Covington, VP of Portfolio Strategy at Jamf, comments: "While it is easy to get swept up in the positives surrounding 'anywhere work' programs that empower employees to work remotely on their own schedule, from any location and from any device, organizations need to examine the associated risks and decide how to manage them."
Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email...
In an ironic twist, Rockstar Games reportedly uses pirated software cracks to remove its DRM from some games they sell on Steam. [...]
On Tuesday, the University of Michigan warned staff and students that they must reset their account passwords after a recent cyberattack."The University of Michigan is requiring all community members to change their UMICH password by the end of day on Tuesday, September 12," UMICH CISO Sol Bermann and CIO Ravi Pendse said in emails to university staff and students.
The business offered cash for Bitcoin and vice versa, with Randol collecting a commission on the payouts. Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday.
The Flipper Zero portable wireless pen-testing and hacking tool can be used to aggressively spam Bluetooth connection messages at Apple iOS devices, such as iPhones and iPads. Apple devices supporting Bluetooth Low Energy technology utilize advertising packets to announce their presence to other devices.
Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account. While investigating Storm-0558's attack, Microsoft found that the MSA key was leaked into a crash dump after a consumer signing system crashed in April 2021.
MSI has released BIOS updates to fix a known issue that triggers blue screens of death on Windows computers after installing August 2023 preview updates. "The new BIOS coming will include an update on the Intel CPU uCode which will prevent any more messages regarding the 'UNSUPPORTED PROCESSOR' issues. This upcoming update will correspond to both 13th-generation and newer ones," MSI said on Wednesday.
A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. The primary targets of this campaign are low-cost Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes.
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild. "Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible."