'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone. [TechWeb]( Follow Dark Reading: [RSS]( February 27, 2023 LATEST SECURITY NEWS & COMMENTARY ['New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover]( With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone. [Canadian Telecom Firm Telus Reportedly Investigating Breach]( A threat actor has leaked data — purportedly, samples of Telus employee payroll data and source code — on a hacker site. [TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount]( Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security. [CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine]( The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia. [To Safeguard Critical Infrastructure, Go Back to Basics]( CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Wiper Malware Surges Ahead, Spiking 53% in 3 Months]( Cybercriminals and hacktivists have joined state-backed actors in using sabotage-bent malware in destructive attacks, new report shows. [This Will Be the Year of the SBOM, for Better or for Worse]( Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives. [Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?]( Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks. [MORE]( EDITORS' CHOICE [Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery]( The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner. LATEST FROM THE EDGE [Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine]( Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides. LATEST FROM DR TECHNOLOGY [Tackling Software Supply Chain Issues With CNAPP]( The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain. WEBINARS - [Building Out the Best Response Playbook for Ransomware Attacks]( When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [Securing OT, Remote Access and Converged SOC Operations]( - [IT/OT Security Platform Navigator 2022]( - [2022 State of OT Cybersecurity Report]( - [Cloud Journey Migration Stage: Adaptive Cloud Security]( - [Forrester Total Economic Impact Report Infographic]( - [State of Enterprise Cybersecurity: Invest Now, or Pay Big Later]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [UL Solutions Issues Automotive Cybersecurity Assurance Program Certificate to LG Innotek]( [Forsage Founders Indicted in $340M DeFi Crypto Scheme]( [Linux Foundation Europe Announces Formation of OpenWallet Foundation]( [AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)