October 11, 2021

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in […]

The post Apple released emergency update to fix zero-day actively exploited appeared first on Security Affairs.

Read More Apple released emergency update to fix zero-day actively exploited

Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent. The botnet was also used for other malicious activities, including […]

The post Security Service of Ukraine arrested a man operating a huge DDoS botnet appeared first on Security Affairs.

Read More Security Service of Ukraine arrested a man operating a huge DDoS botnet

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive […]

The post Iran-linked DEV-0343 APT target US and Israeli defense technology firms appeared first on Security Affairs.

Read More Iran-linked DEV-0343 APT target US and Israeli defense technology firms

LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents.  LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that can allow attackers to manipulate documents to appear as signed by a trusted source.  “It is possible for an attacker to manipulate documents […]

The post Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing appeared first on Security Affairs.

Read More Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing

MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.

The post Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors appeared first on Microsoft Security Blog.

Read More Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign tracked as ‘Donot Team‘ (aka APT-C-35) which was orchestrated by threat actors in India and Pakistan. Experts believe the attackers used a spyware developed […]

The post Donot Team targets a Togo prominent activist with Indian-made spyware appeared first on Security Affairs.

Read More Donot Team targets a Togo prominent activist with Indian-made spyware

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

To respect “privacy and human dignity,” MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of individuals in public spaces, saying citizens should only be monitored when suspected of a crime.

The parliament has also called for a ban on the use of private facial recognition databases — such as the controversial AI system created by U.S. startup Clearview…

Read More The European Parliament Voted to Ban Remote Biometric Surveillance

Today’s episode reports on charges in a U.S. business email scam, French police arrest COVID hacker, Microsoft addresses Excel macro problem and an app developer’s security mistake

The post Cyber Security Today, Oct. 11, 2021 – Three charged in U.S. email scam, French police arrest COVID hacker and an app developer makes a security mistake first appeared on IT World Canada.

Read More Cyber Security Today, Oct. 11, 2021 – Three charged in U.S. email scam, French police arrest COVID hacker and an app developer makes a security mistake

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]

The post NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks appeared first on Security Affairs.

Read More NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks