Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses – Tempemail

A new as-yet unpatched weakness in Apple’s iCloud Private Relay feature could be circumvented to leak users’ true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the Continue Reading

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows – Tempemail

Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. “Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code Continue Reading

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software – Tempemail

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is Continue Reading

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days – Tempemail

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group’s Pegasus surveillance tool to target iPhone Continue Reading

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials – Tempemail

An unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in Continue Reading

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit – Tempemail

Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. “These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific Continue Reading

Why You Should Consider QEMU Live Patching – Tempemail

Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at Continue Reading

Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers – Tempemail

More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, Continue Reading

New Android Malware Targeting US, Canadian Users with COVID-19 Lures – Tempemail

An “insidious” new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint’s messaging security subsidiary Continue Reading

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation – Tempemail

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. “With over 100 available Continue Reading