Apple iOS 12.2 Patches 51 Serious Flaws
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users. Go to Source
ThreatList: Remote Workers Threaten 1 in 3 Organizations
More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker’s actions. Go to Source
Malware Payloads Hide in Images: Steganography Gets a Reboot
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look. Go to Source
Bugs in Grandstream Gear Lay Open SMBs to Range of Attacks
Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions. Go to Source
Some ASUS Updates Drop Backdoors on PCs in ‘Operation ShadowHammer’
The attack appears to be associated with a China-backed APT actor. Go to Source
FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors
The contractor with whom it shared the data has a vulnerable, unpatched network. Go to Source
Medtronic Defibrillators Have Critical Flaws, Warns DHS
The unpatched vulnerabilities exist in 20 products made by the popular Medtronics medical device manufacturer, including defibrillators and home patient monitoring systems. Go to Source
WordPress Plugin Patched After Zero Day Discovered
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild. Go to Source
Firefox and Edge Fall to Hackers on Day Two of Pwn2Own
Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition. Go to Source