TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability 2024-06-06[theregister.co.uk] Beware of zero-click malware sliding into your DMs
Miscreants exploited a zero-day in TikTok to compromise the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation. Details >
NIST turns to IT consultants to clear National Vulnerability Database backlog 2024-06-04[theregister.co.uk] Aims to get CVE logjam cleared by the end of FY 24
Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its National Vulnerability Database (NVD). Details >
Check Point warns customers to patch VPN vulnerability under active exploitation 2024-06-03[theregister.co.uk] Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities
Infosec in brief Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero-day vulnerability under active exploitation. Details >
Ivanti commits to secure-by-design overhaul after vulnerability nightmare 2024-04-04[theregister.co.uk] CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat
Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year. Details >
Hardware-level Apple Silicon vulnerability can leak cryptographic keys 2024-03-22[theregister.co.uk] Short of rearchitecting hardware, the fix will seriously degrade performance
Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. Details >
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability 2024-03-11[theregister.co.uk] PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities
Infosec in brief Cybersecurity researchers informed Microsoft that the notorious North Korean hacking crew Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Details >
Critical vulnerability in Mastodon is pounced upon by fast-acting admins 2024-02-02[theregister.co.uk] Danger of remote account takeovers leaves lead devs scared of releasing many details
Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. Details >
Novel backdoor persists even after critical Confluence vulnerability is patched 2023-11-14[theregister.co.uk] Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities
A new backdoor was this week found implanted in the environments of organizations whose Confluence servers had been compromised through the recently disclosed critical vulnerability in Atlassian Confluence. Details >