Apple Security Bug Opens iPhone, iPad to RCE

CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices. [TechWeb]( Follow Dark Reading: [RSS]( March 27, 2024 LATEST SECURITY NEWS & COMMENTARY [Apple Security Bug Opens iPhone, iPad to RCE]( CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices. [Patch Now: Critical Fortinet RCE Bug Under Active Attack]( A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority. [Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers]( A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. [How New-Age Hackers Are Ditching Old Ethics]( Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. [Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks]( Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under. ['Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide]( Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post. Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and more. [(Sponsored Article) CNAPP Must Evolve to Bring SecOps Into the Fold]( With more business-critical applications in the cloud, CNAPP must converge cloud security and security operations to effectively manage cloud risk. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Chinese State-Sponsored Hackers Charged, Sanctions Levied by US]( The US and the UK charge seven Chinese nationals for operating as part of threat group APT31. [Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach]( The issue can seem daunting, but most organizations have more agency and flexibility to deal with third-party risk than they think. [CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects]( In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs. [MORE]( PRODUCTS & RELEASES [Kaspersky Identifies Three New Android Malware Threats]( [Akamai Research Finds 29% of Web Attacks Target APIs]( [Expel Releases Updated Toolkit in Response to NIST 2.0]( [Nozomi Networks Secures $100M Investment to Defend Critical Infrastructure]( [Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [GitHub Developers Hit in Complex Supply Chain Cyberattack]( The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects. LATEST FROM THE EDGE [AWS CISO: Pay Attention to How AI Uses Your Data]( Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool and a double-edged sword. LATEST FROM DR TECHNOLOGY [Abstract Security Brings AI to Next-Gen SIEM]( The startup’s AI-powered data streaming platform separates security analytics from compliance data. Detecting is faster while also reducing computing and storage costs. LATEST FROM DR GLOBAL [Japan Runs Inaugural Cyber Defense Drills With Pacific Island Nations]( Kiribati, the Marshall Islands, Micronesia, Nauru, and Palau participate in the cybersecurity exercise held in Guam. WEBINARS - [Securing Code in the Age of AI]( - [How To Optimize and Accelerate Cybersecurity Initiatives for Your Business]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The State of Incident Response]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( - [2023 Work-from-Anywhere Global Study]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122394&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.27.24&sp_cid=52725&utm_content=DR_NL_Dark%20Reading%20Daily_03.27.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#b0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)