Suspected MFA Bombing Attacks Target Apple iPhone Users

Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line. [TechWeb]( Follow Dark Reading: [RSS]( March 29, 2024 LATEST SECURITY NEWS & COMMENTARY [Suspected MFA Bombing Attacks Target Apple iPhone Users]( Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line. [Pervasive LLM Hallucinations Expand Code Developer Attack Surface]( The tendency of popular AI-based tools to recommend nonexistent code libraries offers a bigger opportunity than thought to distribute malicious packages. [Corporations With Cyber Governance Create Almost 4X More Value]( Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance. [Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks]( Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities. [US Puts Up $10M Bounty on BlackCat Ransomware Gang Members]( Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure. [Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East]( Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors. [3 Strategies to Future-Proof Data Privacy]( To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques. [(Sponsored Article) What SolarWinds Means for DevSecOps]( The SEC's SolarWinds indictment plus its new four-day rule for disclosing cybersecurity incidents have serious implications for DevSecOps teams. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Tycoon' Malware Kit Bypasses Microsoft, Google MFA]( Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. [Getting Security Remediation on the Boardroom Agenda]( IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management. [Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers]( A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. [How New-Age Hackers Are Ditching Old Ethics]( Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. [MORE]( PRODUCTS & RELEASES [Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth]( [Checkmarx Announces Partnership With Wiz]( [WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification]( [New Cyber Threats to Challenge Financial Services Sector in 2024]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass]( The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones. LATEST FROM THE EDGE [It's Time to Stop Measuring Security in Absolutes]( All-or-nothing security policies strain resources by aiming for perfection. We need a better way to assess progress. LATEST FROM DR TECHNOLOGY [Strata Identity Releases New Authentication Recipes]( The Microsoft Identity Cookbook is a collection of orchestration recipes to help organizations adopt cloud-based identity providers. LATEST FROM DR GLOBAL [Indian Government, Oil Companies Breached by 'HackBrowserData']( The malicious actor used Slack channels as an exfiltration point to upload the stolen data. WEBINARS - [Securing Code in the Age of AI]( - [Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The State of Incident Response]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Demystifying Zero Trust in OT]( - [Causes and Consequences of IT and OT Convergence]( - [Endpoint Best Practices to Block Ransomware]( - [2023 Work-from-Anywhere Global Study]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122467&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.29.24&sp_cid=52780&utm_content=DR_NL_Dark%20Reading%20Daily_03.29.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ac If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)