Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature

Even the most severe security protections for mobile phones aren't all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows. [TechWeb]( Follow Dark Reading: [RSS]( December 06, 2023 LATEST SECURITY NEWS & COMMENTARY [Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature]( Even the most severe security protections for mobile phones aren't all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows. [LLMs Open to Manipulation Using Doctored Images, Audio]( As LLMs begin to integrate multimodal capabilities, attackers could use hidden instructions in images and audio to get a chatbot to respond the way they want, say researchers at Black Hat Europe 2023. [Hackers Claim to Breach Israeli Defense Force Medical Data]( The Malek Team, which previously hit a private college in Israel, claims responsibility for a hack of Israel's Ziv Medical Center. [Payments Giant Tipalti: No Ransomware Breach, No Threat to Roblox]( BlackCat/ALPHV claims it has had access to the payments technology vendor's systems since September, and threatens follow-on attacks on its customer Roblox. [WordPress Bug 'Patch' Installs Backdoor for Full Site Takeover]( A faux security alert purports to provide a fix for an RCE flaw, but instead creates a user with admin privileges and spreads a backdoor to infected sites. [SpyLoan Malicious App Downloaded 12M+ Times in Google Play]( The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them. [Embrace Generative AI for Security, but Heed Caution]( AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent. [(Sponsored Article) Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats]( Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['AeroBlade' Group Hacks US Aerospace Company]( Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data. [Establishing New Rules for Cyber Warfare]( Why we should applaud the Red Cross's efforts, even if they likely won't work. [23andMe: Data Breach Was a Credential-Stuffing Attack]( The DNA testing company believes that the attack has now been contained and is notifying impacted individuals. [MORE]( PRODUCTS & RELEASES [Zatik Security Gains Momentum, Announces Co-Founder, CTO, Partner Network]( [Flow Security Launches GenAI DLP]( [The Latest Delinea Secret Server Release Boosts Usability With New Features]( [1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Meta AI Models Cracked Open With Exposed API Tokens]( Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations. LATEST FROM THE EDGE [EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services]( Organizations in "essential" sectors have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2). LATEST FROM DR TECHNOLOGY [Enhancing Incident Response Playbooks With Machine Learning]( Cybersecurity analysts use playbooks as a guide to quickly investigate and respond to incidents, but they regularly neglect to keep the process documents up to date. LATEST FROM DR GLOBAL [Q&A: Lessons Learned From the Middle East's National Cyber Drills]( Suleyman Ozarslan, co-founder of Picus Security, discusses critical-infrastructure cyber drills in the region, who runs them, and what happens to the results. WEBINARS - [How to Combat the Latest Cloud Security Threats]( More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ... - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119754&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.06.23&sp_cid=50854&utm_content=DR_NL_Dark%20Reading%20Daily_12.06.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#18 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)