Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info
A lack of authentication in Apple’s Device Enrollment Program could allow attackers to scoop up Wi-Fi passwords and VPN configurations. Go to Source
2018 Has Been Open Season on Open Source Supply Chains
Hackers see green field opportunities in vulnerable software supply chains. Go to Source
VPNFilter’s Arsenal Expands With Newly Discovered Modules
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. Go to Source
Google Vows Privacy Changes in Chrome Browser After User Backlash
The tech giant promised that it will be more transparent about users’ data in Chrome 70 after coming under fire for its privacy policies earlier this week. Go to Source
Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Go to Source
Malware on SHEIN Servers Compromises Data of 6.4M Customers
A data breach targeting women’s apparel giant SHEIN occurred between June and August 2018. Go to Source
Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
Malicious apps can trivially thwart Mojave 10.14’s new privacy protections. Go to Source
Cybercriminals Target Kodi Media Player for Malware Distribution
A recent cryptomining campaign shows criminal ingenuity. Go to Source
Adwind RAT Scurries By AV Software With New DDE Variant
The spam campaign mostly targets victims in Turkey and Germany. Go to Source
Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
Chrome users are now automatically signed into the browser if they’re signed into any other Google service, such as Gmail. Go to Source