#ios

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no k...

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front

Cyber insurance is more than a policy for paying off ransomware gangs. It's designed to be something you transfer risk to when security controls fail.

By Deeba Ahmed The apps were loaded with info-stealing malware that can extract victims’ Facebook credentials and download other software, etc.… This is a post from HackRead.com Read the original post: Play Store Apps Caught Spreading Android Malware to Millions

The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

Ryan Witt, Proofpoint's Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.

For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the