Category: Cyber Security

Apple has issued security patches to address two zero-day vulnerabilities, one of which has been openly published and the other of which has been manipulated in the field by hackers to get access to iPhones and Macs. A memory corruption flaw in the IOMobileFrameBuffer that impacts iOS, iPadOS, and macOS Monterey is the first zero-day fixed today (tagged as CVE-2022-22587) [1, 2]. On infected devices, full disclosure of this flaw results in arbitrary code execution with kernel privileges. iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), and macOS Monterey are all affected products. 

Source: https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/ 

The Pentagon’s latest “strategic direction” for its Cyber Maturity Model Certification (CMMC 2.0) better conforms with current government standards and procedures, but it misses the point of President Biden’s request for “radical change.” Long before the creation of CMMC, federal procurement restrictions obligated all military contractors who kept in touch with controlled unclassified information (CUI) to incorporate the fundamental cyber hygiene safeguards outlined in NIST Special Publication (SP) 800-171 from the National Institute of Standards and Technology. After nearly two years of research, the Defense Department unveiled the initial CMMC in November 2020. 

Source: https://federalnewsnetwork.com/commentary/2022/01/the-pentagons-new-cybersecurity-model-is-better-but-still-an-incremental-solution-to-a-big-challenge/ 

Cybersecurity and space have emerged as major hazards to the global economy, in addition to the current difficulties presented by climate change and the coronavirus pandemic. This is according to the World Economic Forum’s Global Risks Report, which was released on Tuesday. According to the survey, cyber assaults are growing more aggressive and pervasive as hackers employ more sophisticated strategies to target increasingly susceptible targets. It was also said that failure to act on climate change, extreme weather, and biodiversity loss as the top three dangers on the earth’s wellbeing over the next decade. 

Source: https://www.npr.org/2022/01/11/1072029936/cyber-risks-add-to-climate-threat-world-economic-forum-warns 

Cybersecurity breaches have become all too common these days. With these, Google has opted to purchase Siemplify, a cybersecurity firm located in Israel that focuses on end-to-end security services for businesses, also known as security orchestration, automation, and response (SOAR) services. Google is said to have paid $500 million on the deal. In the area of cybersecurity, Google’s acquisition comes at a vital time. The wider picture is that security breaches aren’t going away, a scenario fueled by increasingly sophisticated techniques from bad hackers and an ever-more appealing target as businesses and consumers move more of their infrastructure and daily activities online and into the cloud. 

Source: https://techcrunch.com/2022/01/04/google-confirms-it-acquired-cybersecurity-specialist-siemplify-reportedly-for-500m-to-become-part-of-google-clouds-chronicle/ 

As thrilling as it is to watch, Spider-Man: No Way Home should be downloaded with caution owing to bitcoin malware discovered in a torrent download. Reasonlabs, a cybersecurity firm, said on Thursday that in order to attract as many targets as possible, attackers must keep up with current events. The box office success of Sony/Spider-Man: Marvel’s No Way Home has surpassed $1 billion, making it the highest-grossing film of 2021. 

Source: https://news.bitcoin.com/spider-man-no-way-home-torrents-crypto-malware/