New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

The Hacker News Daily Updates [Newsletter]( [cover]( [Using the OWASP MASVS Security Standards]( Developers looking to lessen the impact of mobile application attacks need to build a strong mobile application security strategy [Download Now]( Sponsored LATEST NEWS Dec 14, 2022 [New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts]( A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems]( Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Why PCI DSS 4.0 Should Be on Your Radar in 2023]( Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard (PCI DSS), created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards, businesses can ensure that their customer's personal and financial information is secure. The PCI ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More]( Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability]( The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products]( Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities]( Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability]( A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [Using the OWASP MASVS Security Standards]( Developers looking to lessen the impact of mobile application attacks need to build a strong mobile application security strategy [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India