Iranian hackers backdoor 34 orgs with new Sponsor malware

A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...]

https://www.bleepingcomputer.com/news/security/iranian-hackers-backdoor-34-orgs-with-new-sponsor-malware/

 CISA warns govt agencies to secure iPhones against spyware attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-to-secure-iphones-against-spyware-attacks/

 MGM Resorts shuts down IT systems after cyberattack

MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations. [...]

https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/

 Microsoft will block 3rd-party printer drivers in Windows Update

Microsoft will block third-party printer driver delivery in Windows Update as part of a substantial and gradual shift in its printer driver strategy over the next 4 years. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-block-3rd-party-printer-drivers-in-windows-update/

 Google fixes another Chrome zero-day bug exploited in attacks

Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. [...]

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

 New WiKI-Eve attack can steal numerical passwords over WiFi

A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen. [...]

https://www.bleepingcomputer.com/news/security/new-wiki-eve-attack-can-steal-numerical-passwords-over-wifi/

Latest news and stories from BleepingComputer.com
New WiKI-Eve attack can steal numerical passwords over WiFi

A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen. [...]

Latest news and stories from BleepingComputer.com
Iranian hackers backdoor 34 orgs with new Sponsor malware

A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...]

 'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months. [...]

https://www.bleepingcomputer.com/news/security/redfly-hackers-infiltrated-power-suppliers-network-for-6-months/

Latest news and stories from BleepingComputer.com
'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months. [...]
➖ Sent by @TheFeedReaderBot ➖

 Why Network Visibility Doesn’t Have to be so Complicated

Smart devices offer numerous benefits to both homes and small businesses, but they also pose unique security risks that can fly under the radar. Learn from Firewalla on how consumers and small business owners can effectively secure their smart homes and workplaces with the help of increased visibility. [...]

https://www.bleepingcomputer.com/news/security/why-network-visibility-doesnt-have-to-be-so-complicated/

 Apple backports BLASTPASS zero-day fix to older iPhones

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. [...]

https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zero-day-fix-to-older-iphones/

Latest news and stories from BleepingComputer.com
Free Download Manager site redirected Linux users to malware for years

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [...]

Latest news and stories from BleepingComputer.com
Apple backports BLASTPASS zero-day fix to older iPhones

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. [...]

Latest news and stories from BleepingComputer.com
Why Network Visibility Doesn’t Have to be so Complicated

Smart devices offer numerous benefits to both homes and small businesses, but they also pose unique security risks that can fly under the radar. Learn from Firewalla on how consumers and small business owners can effectively secure their smart homes and workplaces with the help of increased visibility. [...]

 Free Download Manager site redirected Linux users to malware for years

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/

 CISA offers free security scans for public water utilities

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-offers-free-security-scans-for-public-water-utilities/

 Windows 11 KB5030219 cumulative update released with 24 fixes, changes

Microsoft has released the Windows 11 22H2 KB5030219 cumulative update to fix security vulnerabilities and introduce 24 changes, improvements, and bug fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5030219-cumulative-update-released-with-24-fixes-changes/

 Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-acrobat-and-reader-zero-day-exploited-in-attacks/

 Windows 10 KB5030211 update released with 11 improvements

Microsoft has released Windows 10 KB5030211 and KB5030214 cumulative updates for versions 22H2, 21H2, and 1809 to fix problems with the operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5030211-update-released-with-11-improvements/

 Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2023-patch-tuesday-fixes-2-zero-days-59-flaws/