01 December 2023
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
Apple released crucial updates for iOS, iPadOS, macOS, and Safari to address actively exploited vulnerabilities in the WebKit browser engine. The flaws could lead to out-of-bounds read issues and potential exploitation.
WhatsApp's New Secret Code Feature Hides Your Locked Chats
WhatsApp introduced a new Secret Code feature enabling users to hide locked chats by setting a custom password.
Capital Health Hospitals hit by cyberattack causing IT outages
IT outages affected Capital Health hospitals and physician offices in New Jersey after a cyberattack targeted the non-profit organization's network earlier this week.
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
The U.S. Department of the Treasury sanctioned the North Korea-linked adversarial collective, Kimsuky, and eight foreign-based agents for aiding revenue generation and missile-related technology procurement that supports DPRK's strategic goals.
Cactus Ransomware Exploiting Qlik Sense Flaws to Breach Networks
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to gain initial access to corporate networks.
Security Updates and Fixes:
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel issued patches for 15 security issues affecting NAS, firewall, and access point devices, including critical vulnerabilities leading to authentication bypass and command injection.
Apple Fixes two New iOS Zero-days in Emergency Updates
Emergency updates from Apple addressed two zero-day vulnerabilities exploited in attacks affecting iPhone, iPad, and Mac devices, marking 20 zero-days patched this year.
Zyxel Warns of Multiple Critical Vulnerabilities in NAS Devices
Zyxel addressed multiple security issues in NAS devices, including three critical vulnerabilities allowing unauthenticated attackers to execute OS commands.
FjordPhantom Android Malware Uses Virtualization to Evade Detection
A newly discovered Android malware, FjordPhantom, utilizes virtualization to run malicious code within a container to avoid detection.