Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
The post Apple Suddenly Drops NSO Group Spyware Lawsuit appeared first on SecurityWeek.
23andMe to pay $30 million in genetics data breach settlement
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. […]
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel
Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe.
The post Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel appeared first on SecurityWeek.
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. […]
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named “Hadooken, which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. […]
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it’s recovering from a cyberattack that disrupted service disruptions as the RansomHub ransomware gang threatens to leak stolen data. […]
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL).
“The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said.
The teenager, who’s from Walsall, is said to have been
“The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the U.K. National Crime Agency (NCA) said.
The teenager, who’s from Walsall, is said to have been
In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.
The post In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit appeared first on SecurityWeek.
Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks
Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.
The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek.