Security News
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4.
Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.
Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.
Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. Apple has promised additional details will be available soon.
UPDATE. SonicWall said a zero-day in its SMA 100 series 10.x code was targeted by "Highly-sophisticated" attackers. "On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code," said SonicWall in an updated statement.
On Friday evening, SonicWall announced that it "Identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products." "We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government," SonicWall said while warning the public about the potential zero-day vulnerabilities in the NetExtender VPN Client and Secure Mobile Access physical and virtual appliances.
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access VPN device and its NetExtender VPN client in a "Sophisticated" attack on their internal systems.
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access VPN device and its NetExtender VPN client in a "Sophisticated" attack on their internal systems.
UPDATE] Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by "Highly sophisticated threat actors" exploiting what appear to be zero-day vulnerabilities affecting some of the company's products. The SMA 100 Series product remains under investigation, SonicWall said.
SolarWinds hack investigation reveals new Sunspot malwareCrowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company's Orion software. January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCEMicrosoft has plugged 83 security holes, 10 of which are critical.