Cybersecurity

Apple releases fixes for two zero-days affecting Macs, iPhones and iPads

Apple published two notices on Thursday about two zero-day vulnerabilities affecting Macs, iPhones and iPads. Apple released fixes for CVE-2022-22675 and CVE-2022-22674, both of which were submitted by anonymous researchers.


Ethical hackers ‘hit the jackpot’ as tech groups pay for protection

In late 2019, Dawn Isabel was on the hunt for glitches and vulnerabilities in a particular mobile application. She was taking part in the app maker’s “bug bounty” programme — the development stage when a business hires hackers to find weaknesses in its systems.


The 2022 Cyber Incident Reporting Law: Key Issues to Watch

Against the background of the Russia-Ukraine war, public officials have warned that Moscow or other hacktivist groups may escalate their malicious cyber operations, which could (directly or indirectly) impact the United States and local businesses.


Calendly actively abused in Microsoft credentials phishing

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page.


New Spring Framework RCE Vulnerability Confirmed - What to do?

Early Wednesday morning (GMT), allegations began to appear on the internet about a new remote code execution flaw that affects Spring Core. This vulnerability, dubbed by some as “Springshell” in the community, is a new, previously unknown security vulnerability.


Globant confirms reports of breach after Lapsus$ shares 70GB of stolen files

Multibillion-dollar software development company Globant has confirmed reports that their systems were breached and that someone gained access to the company’s code repository.


Spring Core on JDK9+ is vulnerable to remote code execution

Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available.


Lazarus Trojanized DeFi app for delivering malware

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business.


New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits

During the past month, FortiEDR detected a campaign by Deep Panda, a Chinese APT group. The group exploited the infamous Log4Shell vulnerability in VMware Horizon servers.


Phishing-kit market: what’s inside “off-the-shelf” phishing packages

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Attackers tend to copy design elements from the real website, which is why users can find it hard to distinguish the fake pages from the official ones.


Lapsus$ found a spreadsheet of passwords as they breached Okta, documents show

The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that provide new details of the cyber intrusion that


Why do the battery use and the battery level matter during the investigation?

My post today is a continuation of my recent article that you can find here. In the previous article, I shared a .NET tool that allows you to parse a SRUM database and extract the battery information (battery level and timestamps).


Automating DFIR using Cloud services

As incident response (IR) cases become bigger, so should the tooling used by Incident Responders to meet the growing needs. My own experience during IR cases is that there is a demand for answers to research questions that can be answered by performing triage.



Technology

Movie Insider: How Realistic Animatronics Are Made For Movies & TV

Spectral Motion has been making animatronic puppets for movies and TV shows since 2002. Even if they don’t fully end up in the final shot, they can make for great references for both visual effects artists and the actors in front of the camera.


Here’s why bitcoin miners won’t go for a more climate-friendly alternative

An independent news and commentary website produced by academics and journalists.


Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers

Early Friday morning, the Discords of multiple major NFT projects were hacked as part of a phishing scam to trick users into handing over their digital jpegs. Bored Ape Yacht Club, Nyoki, and Shamanz confirmed Discord hacks in tweets.


The real magic mouse is made by Logitech, not Apple

We may never know why Apple doggedly insists on you charging its mouse upside down, like a beetle with its legs in the air, year after year after year.


Boosting communication and collaboration for teams of all sizes in Google Workspace



Privacy

The Kids Online Safety Act Is a Heavy-Handed Plan to Force Platforms to Spy on Young People

Putting children under surveillance and limiting their access to information doesn’t make them safer—in fact, research suggests just the opposite. Unfortunately those tactics are the ones endorsed by the Kids Online Safety Act of 2022 (KOSA), introduced by Sens. Blumenthal and Blackburn.


An Angry Stalker Used an Apple Watch Wrapped Around His Ex’s Tire Spokes to Secretly Track Her

Police reportedly learned of the stalking attempt after a security officer at a local family safety center reported the man following the woman on premises, according to an affidavit obtained by WSMV4.



Entertainment

Top Gun: Maverick Gets a New Trailer

After more than thirty years of service as one of the Navy’s top aviators, Pete “Maverick” Mitchell (Tom Cruise) is where he belongs, pushing the envelope as a courageous test pilot and dodging the advancement in rank that would ground him.


Will Smith resigns from the Academy after Oscars incident

Will Smith has resigned from the Academy of Motion Picture Arts and Sciences after slapping Chris Rock onstage at the 94th Academy Awards. Smith apologized to Rock the day after the Oscars — where he won Best Actor — and the Academy began disciplinary proceedings against Smith in the past week.