#mac

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30

Gentoo Linux Security Advisory 202401-29 - A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation. Versions less than 1.9.15_p2 are affected.

Gentoo Linux Security Advisory 202401-28 - Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution. Versions below or equal to 0.52-r1 are affected.

Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability.

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to address

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

In 2023, Red Hat met with so many customers and partners – from industry event interactions and individual meeting rooms to cross country visits and late-night service calls, we’ve learned so much from our trusted ecosystem. With all of these lasting connections made, along with so many new projects launched, we can’t wait to see what this year will bring. As we look ahead to the rest of 2024 and gather together again soon at MWC Barcelona, I wanted to take some time to reflect on what we’ve learned to set our customers and partners up for success in 2024.What’s top of mind for servi