#apple

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover up

In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.

Categories: Podcast This week on the Lock and Code podcast, we speak with James Fair about the reluctance of some businesses to take cybersecurity seriously, even in the face of major attacks. (Read more...) The post MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22 appeared first on Malwarebytes Labs.

Last week on Malwarebytes Labs: Stay safe! Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting...

By Owais Sultan As we progress further into digital life, PDF security has evolved increasingly complex. This is a post from HackRead.com Read the original post: PDF Security – How To Keep Sensitive Data Secure in a PDF File

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page.

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

Endpoint management based on open source agents, such as osquery, could simplify IT management and security while giving larger firms more customization options.

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.