Patch Now: 2 Apple Zero-Days Exploited in Wild

The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heighten the need for a quick response. [TechWeb]( Follow Dark Reading: [RSS]( August 22, 2022 LATEST SECURITY NEWS & COMMENTARY [Patch Now: 2 Apple Zero-Days Exploited in Wild]( The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response. [BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing]( Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group. [State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims]( APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA. [Cyber Resiliency Isn't Just About Technology, It's About People]( To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Windows Vulnerability Could Crack DC Server Credentials Open]( The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. [How to Upskill Tech Staff to Meet Cybersecurity Needs]( Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff. [Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out]( How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk. [MORE]( EDITORS' CHOICE [Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip]( Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. LATEST FROM THE EDGE [NIST Weighs in on AI Risk]( NIST is developing the AI Risk Management Framework and a companion playbook to help organizations navigate algorithmic bias and risk. LATEST FROM DR TECHNOLOGY [Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits]( The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors. WEBINARS - [Using Identity & Access Management to Improve Cyber Defense]( End user credentials have become a central target for online attackers, enabling them to navigate your enterprise systems as trusted users. As online attackers target these credentials and end users seek to gain access to a wider variety of applications ... - [Malicious Bots: What Enterprises Need to Know]( Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Five Best Practices for AWS Security Monitoring]( - [Sumo Logic for Continuous Intelligence]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Risks of Modern Application Development]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( [View More White Papers >>]( FEATURED REPORTS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain]( [SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Living on the Edge: Building and Maintaining Security at the Network Edge]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)