Sign up to save your podcasts
Or
Share Apple attack, Conti hits Parker, iPhone vuln, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Apple attack, Conti hits Parker, iPhone vuln, and more.
A daily look at the relevant information security news from overnight.
Episode 238 - 17 May 2022
Apple attack - https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Conti hits Parker -
https://www.infosecurity-magazine.com/news/parker-conti-ransomware/
Tesla BLE - https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
Card skimming - https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
iPhone vulv- https://threatpost.com/iphones-attack-turned-off/179641/
Hi, I’m Paul Torgersen. It’s Tuesday May 17th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watches. The flaw is an out-of-bounds write issue in the AppleAVD, the kernel extension for audio and video decoding. Apple says it is likely this has already been exploited in the wild.
From Infosecurity-magazine.com:
US manufacturer Parker-Hannifin has announced a data breach exposing employees’ PII after being the target of a Conti ransomware attack. The company said that an unauthorized third party gained access to its IT systems between 11 and 14 of March this year. On the plus side, if you‘re information was involved, you just got two free years of identity theft monitoring.
From BleepingComputer.com:
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. What target devices, you ask? Teslas. Details in the article.
From ZDNet.com:
The FBI put out a warning that someone is scraping credit card data from the checkout pages of US businesses' websites. The bad actor is injecting malicious PHP Hypertext Preprocessor code into the business' online checkout page and sending the scraped data to a server that spoofed a legitimate card processing server. They also left a backdoor into the victims system.
And last today, from ThreatPost.com
Because of how Apple implements standalone wireless features such as Bluetooth, Near Field Communication and Ultra-wideband technologies, researchers have found that iPhones are vulnerable to malware loading attacks even when the device is turned off. The root cause of the issue is how iPhones implement low power mode for wireless chips. No comment yet from Apple, but there is a link to the research report in the article.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
Episode 238 - 17 May 2022
Apple attack - https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Conti hits Parker -
https://www.infosecurity-magazine.com/news/parker-conti-ransomware/
Tesla BLE - https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
Card skimming - https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
iPhone vulv- https://threatpost.com/iphones-attack-turned-off/179641/
Hi, I’m Paul Torgersen. It’s Tuesday May 17th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watches. The flaw is an out-of-bounds write issue in the AppleAVD, the kernel extension for audio and video decoding. Apple says it is likely this has already been exploited in the wild.
From Infosecurity-magazine.com:
US manufacturer Parker-Hannifin has announced a data breach exposing employees’ PII after being the target of a Conti ransomware attack. The company said that an unauthorized third party gained access to its IT systems between 11 and 14 of March this year. On the plus side, if you‘re information was involved, you just got two free years of identity theft monitoring.
From BleepingComputer.com:
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. What target devices, you ask? Teslas. Details in the article.
From ZDNet.com:
The FBI put out a warning that someone is scraping credit card data from the checkout pages of US businesses' websites. The bad actor is injecting malicious PHP Hypertext Preprocessor code into the business' online checkout page and sending the scraped data to a server that spoofed a legitimate card processing server. They also left a backdoor into the victims system.
And last today, from ThreatPost.com
Because of how Apple implements standalone wireless features such as Bluetooth, Near Field Communication and Ultra-wideband technologies, researchers have found that iPhones are vulnerable to malware loading attacks even when the device is turned off. The root cause of the issue is how iPhones implement low power mode for wireless chips. No comment yet from Apple, but there is a link to the research report in the article.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight.
Episode 238 - 17 May 2022
Apple attack - https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Conti hits Parker -
https://www.infosecurity-magazine.com/news/parker-conti-ransomware/
Tesla BLE - https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
Card skimming - https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
iPhone vulv- https://threatpost.com/iphones-attack-turned-off/179641/
Hi, I’m Paul Torgersen. It’s Tuesday May 17th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watches. The flaw is an out-of-bounds write issue in the AppleAVD, the kernel extension for audio and video decoding. Apple says it is likely this has already been exploited in the wild.
From Infosecurity-magazine.com:
US manufacturer Parker-Hannifin has announced a data breach exposing employees’ PII after being the target of a Conti ransomware attack. The company said that an unauthorized third party gained access to its IT systems between 11 and 14 of March this year. On the plus side, if you‘re information was involved, you just got two free years of identity theft monitoring.
From BleepingComputer.com:
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. What target devices, you ask? Teslas. Details in the article.
From ZDNet.com:
The FBI put out a warning that someone is scraping credit card data from the checkout pages of US businesses' websites. The bad actor is injecting malicious PHP Hypertext Preprocessor code into the business' online checkout page and sending the scraped data to a server that spoofed a legitimate card processing server. They also left a backdoor into the victims system.
And last today, from ThreatPost.com
Because of how Apple implements standalone wireless features such as Bluetooth, Near Field Communication and Ultra-wideband technologies, researchers have found that iPhones are vulnerable to malware loading attacks even when the device is turned off. The root cause of the issue is how iPhones implement low power mode for wireless chips. No comment yet from Apple, but there is a link to the research report in the article.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
Episode 238 - 17 May 2022
Apple attack - https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Conti hits Parker -
https://www.infosecurity-magazine.com/news/parker-conti-ransomware/
Tesla BLE - https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/
Card skimming - https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/
iPhone vulv- https://threatpost.com/iphones-attack-turned-off/179641/
Hi, I’m Paul Torgersen. It’s Tuesday May 17th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watches. The flaw is an out-of-bounds write issue in the AppleAVD, the kernel extension for audio and video decoding. Apple says it is likely this has already been exploited in the wild.
From Infosecurity-magazine.com:
US manufacturer Parker-Hannifin has announced a data breach exposing employees’ PII after being the target of a Conti ransomware attack. The company said that an unauthorized third party gained access to its IT systems between 11 and 14 of March this year. On the plus side, if you‘re information was involved, you just got two free years of identity theft monitoring.
From BleepingComputer.com:
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. What target devices, you ask? Teslas. Details in the article.
From ZDNet.com:
The FBI put out a warning that someone is scraping credit card data from the checkout pages of US businesses' websites. The bad actor is injecting malicious PHP Hypertext Preprocessor code into the business' online checkout page and sending the scraped data to a server that spoofed a legitimate card processing server. They also left a backdoor into the victims system.
And last today, from ThreatPost.com
Because of how Apple implements standalone wireless features such as Bluetooth, Near Field Communication and Ultra-wideband technologies, researchers have found that iPhones are vulnerable to malware loading attacks even when the device is turned off. The root cause of the issue is how iPhones implement low power mode for wireless chips. No comment yet from Apple, but there is a link to the research report in the article.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.