September 2024 – Page 31

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL).
“The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said.
The teenager, who’s from Walsall, is said to have been

In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

The post In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit appeared first on SecurityWeek.

Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek.

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.
However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials.
“The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers Michele Roviello and Alessandro Strino said. “In addition,

New ‘Hadooken’ Linux Malware Targets WebLogic Servers

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

The post New ‘Hadooken’ Linux Malware Targets WebLogic Servers appeared first on SecurityWeek.

House Report Shows Chinese Cranes a Security Risk to US Ports

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The post House Report Shows Chinese Cranes a Security Risk to US Ports appeared first on SecurityWeek.

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks.
The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who

UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

The post UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy appeared first on SecurityWeek.

Month: September 2024