Apple AirPods Bug Allows Eavesdropping

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro. [TechWeb]( Follow Dark Reading: [RSS]( June 27, 2024 LATEST SECURITY NEWS & COMMENTARY [Apple AirPods Bug Allows Eavesdropping]( The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro. [Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content]( Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more. [Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites]( The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year. [Neiman Marcus Customers Impacted by Snowflake Data Breach]( The high-end retailer is the latest company to confirm it was affected by the wide-ranging Snowflake data breach, which impacted more than 165 organizations. ['Snowblind' Tampering Technique May Drive Android Users Adrift]( As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix. [Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits]( Our adversaries certainly have diversity — so cybersecurity teams need it, too. [(Sponsored Article) Are AI-Based Attacks Too Good for Security Awareness Training?]( With AI, traditional security awareness training faces an existential threat. To ensure its long-term effectiveness, we have to rethink what we train individuals to recognize. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Threat Actor May Have Accessed Sensitive Info on CISA Chemical App]( An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January. ['ChamelGang' APT Disguises Espionage Activities With Ransomware]( The China-nexus cyber-threat actor has been operating since at least 2019 and has notched victims in multiple countries. [Key Takeaways From the British Library Cyberattack]( Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks. [The NYSE's $10M Wake-up Call]( The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight. [MORE]( PRODUCTS & RELEASES [Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents]( [Akamai Completes Acquisition of API Security Company Noname]( [CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Fresh MOVEit Bug Under Attack Mere Hours After Disclosure]( The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges. LATEST FROM THE EDGE [Is Defense Winning? A Look at Decades of Playing Catch Up]( In this Black Hat USA preview, scholar Jason Healey examines strategies for measuring and shifting the balance of cyber defense LATEST FROM DR TECHNOLOGY [Multifactor Authentication Is Not Enough to Protect Cloud Data]( Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication. LATEST FROM DR GLOBAL [Indonesia Refuses to Pay $8M Ransom After Cyberattack]( More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Hunting in the Cloud: Adapting to the New Landscape]( - [The Three-Point Action Plan for new CISOs]( - [Data Protection Essentials: Proactive PII Leak Prevention and Data Mapping for GDPR]( - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [Google Threat Intelligence]( - [SecOps Checklist]( - [Purple AI Datasheet]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Industrial Networks in the Age of Digitalization]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124265&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.27.24&sp_cid=54077&utm_content=DR_NL_Dark%20Reading%20Daily_06.27.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#f0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)