Undisclosed HomeKit flaw used by Cellebrite to attack Serbian journalists
Apple's HomeKit is under scrutiny, as Serbian authorities are suspected of exploiting it to install Pegasus spyware without any user interaction at all.MalwareReported by Amnesty International, at the center of the spyware campaign are two tools —.....»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
HomeKit Weekly: This lamp includes a HomeKit bulb and multiple USB charging ports
Sometimes, a package of products provides a simple way to accomplish a goal. is great for Apple fans as it includes a USB-A and USB-C port on the back and a HomeKit-compatible bulb—making it a great gift idea for an Apple fanatic in your life......»»
Adobe Acrobat Reader has a serious security flaw — so patch now
A bug allows threat actors to launch malicious code on Acrobat Reader remotely, and it's already being used in the wild......»»
Cleaner wrasse check their body size in mirror before deciding whether to fight, research demonstrates
An Osaka Metropolitan University-led team has demonstrated that bluestreak cleaner wrasse (Labroides dimidiatus) check their body size in a mirror before choosing whether to attack fish that are slightly larger or smaller than themselves......»»
Jellyfish under attack: Study uncovers parasitic spillover of a burrowing sea anemone
Many marine organisms, like sea anemones, struggle to spread across the ocean, especially if they lack long, mobile larval stages. Unlike their jellyfish relatives, sea anemones do not have a medusa stage, making their dispersal challenging. Their on.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
HomeKit Weekly: Why aren’t we seeing new HomeKit Secure Video cameras?
HomeKit has become a powerful platform, with Apple consistently enhancing its features while staying true to its privacy-first approach. They’ve even contributed to the Matter standard, expanding what the Home app can do. But there’s a big proble.....»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
83% of organizations experienced at least one ransomware attack in the last year
Ransomware is an all-too-common occurrence: 83% of organizations have experienced at least one ransomware attack in the last year, 46% of respondents experienced four or more and 14% indicated they experienced 10 or more. Of those respondents who exp.....»»
Georgia school shooter suspect interviewed by police a year before attack
Georgia school shooter suspect interviewed by police a year before attack.....»»
Deals: M2 iPad Air $729, M2 iPad Pro $800 off, 15W 3-in-1 MagSafe stand $75, HomeKit gear, and more
Alongside a series of exciting new gear coming from IFA today, including the new Twelve South charger with Apple Find My and Belkin’s fabric-wrapped Qi2 15W MagSafe Duo, we are also tracking some solid deals. First up, we have a nice $70 drop on.....»»
Viewpoint: In the face of DEI backlash, belonging plays a key role to future success
Diversity, equity and inclusion efforts have become increasingly visible in U.S. workplaces, especially over the past five years. However, DEI has recently come under attack, with companies scaling back their DEI plans......»»
Business routers vulnerable to OS command injection attack
Zyxel fixes a 9.8-severity vulnerability in multiple endpoints......»»
OpenBAS: Open-source breach and attack simulation platform
OpenBAS is an open-source platform that enables organizations to plan, schedule, and execute crisis exercises, adversary simulations, and breach simulations. Compliant with ISO 22398 standards, OpenBAS is built as a modern web application featuring a.....»»
Man indicted on first-degree murder charge in death of Fla. dealership co-worker
Steve Tilbury is accused of fatally striking his co-worker with a metal baseball bat in a premeditated attack......»»
Starling Home Hub adds deeper HomeKit support for new 4th generation Nest thermostat
One reason I might consider upgrading to the new is its built-in Matter support. In practice, however, the Matter integration appears to be pretty lackluster. My favorite HomeKit bridge, the Starling Home Hub, has just released a new firmware up.....»»
The attack with many names: SMS Toll Fraud
Bad actors leverage premium-rate phone numbers and bots to steal billions of dollars from businesses. In this Help Net Security video, Frank Teruel, CFO at Arkose Labs, discusses how to spot and stop them. The post The attack with many names: SMS Tol.....»»
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sendin.....»»