Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine

The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. [TechWeb]( Follow Dark Reading: [RSS]( January 24, 2024 LATEST SECURITY NEWS & COMMENTARY [Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine]( The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. [CISA Director Jen Easterly Targeted in Swatting Incident]( A phone call to authorities claimed that a shooting had taken place on Easterly's block. ['VexTrio' TDS: The Biggest Cybercrime Operation on the Web?]( The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally. [Subway Puts a LockBit Investigation on the Menu]( The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary "SBS" network. [SEC Says SIM Swap to Blame for Breached X Account]( Crypto hackers gained control of a phone number associated with the government agency's account after MFA was disabled in July. [US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker]( Aleksandr Ermakov, alongside other members of the REvil ransomware gang, are responsible for one of the biggest cyberattacks in Australia's history. [Magecart Adds Middle East Retailers to Long List of Victims]( Cybercriminals who conspire to put credit-card skimmers on e-commerce sites have hit some large vendors in the region. [Millions at Risk As 'Parrot' Web Server Compromises Take Flight]( The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection. [MacOS Malware Targets Bitcoin, Exodus Cryptowallets]( The malware substitutes genuine apps with compromised versions, enabling attackers to pilfer credentials and recovery phrases, thus gaining access to wallets and their contents. [Learning From Ukraine's Pioneering Approaches to Cybersecurity]( Ukraine's tactical and strategic cybersecurity approach in the intense warfare environment offers a blueprint for organizations aiming to fortify their cyber defenses. [Google-Backed Israeli University Launches Cyber-Analyst Course]( Backed by PwC Next, the program offers tailored cybersecurity training in an effort to better defend the nation against increased attacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years]( Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048. [German IT Consultant Fined Thousands for Reporting Security Failing]( The company, Modern Solutions, had misconfigured a cloud database, but argues the contractor could only have found the password through insider knowledge. [Battling Misinformation During Election Season]( Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools. [MORE]( PRODUCTS & RELEASES [Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket]( [Amy Farrow Joins Infoblox As Chief Information Officer]( [National Cybersecurity Alliance Announces 2024 Data Privacy Week]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack]( Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs. LATEST FROM THE EDGE [Time to Secure Cloud-Native Apps Is Now]( While the challenges and risks associated with securing cloud-native environments are significant, with the right security measures and a focus on cybersecurity basics, organizations can effectively secure their cloud-native systems and development pipelines. LATEST FROM DR TECHNOLOGY [Apple's Anti-Theft Security Slows Down iPhone Crooks]( The new iOS update includes Stolen Device Protection which limits what users can do on their iPhones when away from known locations (such as home or work), to prevent criminals from making unauthorized changes. LATEST FROM DR GLOBAL [AI Program Poised to Advance Cybersecurity in Abu Dhabi]( The nation's new AI council will be responsible for developing policies and strategies related to research, infrastructure, and investments in AI. WEBINARS - [DevSecOps: The Smart Way to Shift Left]( - [Tips for Managing Cloud Security in a Hybrid Environment]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [IT Zero Trust vs. OT Zero Trust: It's all about Availability]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [2023 Software Supply Chain Attack Report]( - [The Need for a Software Bill of Materials]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120707&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.24.24&sp_cid=51599&utm_content=DR_NL_Dark%20Reading%20Daily_01.24.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#42 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)