Apple’s security response team on Thursday released emergency patches to cover a pair of “actively exploited” vulnerabilities affecting macOS, iOS and iPadOS devices.
New Modem Wiper Malware May be Connected to Viasat Hack
A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany.
Skiff Banks $10.5M for E2E Encrypted Workplace Collaboration
Sequoia Capital has doubled down on its early-stage investment in Skiff, a startup building a security-themed, end-to-end encrypted workspace collaboration platform.
Investors Bet on Cyberpion in Attack Surface Management Space
Attack surface management specialist Cyberpion has secured $27 million in early-stage funding to build technology that helps organizations manage exposure to risk.
Chrome Browser Gets Major Security Update
Google this week released a security-themed Chrome browser makeover with patches for 28 documented vulnerabilities, some serious enough to lead to code execution attacks.
The new browser refresh is now rolling out to Windows, Mac and Linux users as Chrome 100.0.4896.60.
Researchers Find Python-Based Ransomware Targeting Jupyter Notebook Web Apps
Researchers warn of likely future ransomware attacks against web applications used by data scientists
Researchers have found what they believe to be the first Python-based ransomware sample specifically targeting Jupyter Notebooks.
Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy
A Boston startup has raised $25 million in early-stage funding to tackle the erosion of privacy in today’s data sharing ecosystems.
The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.
Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious packages” into the NPM ecosystem.
Estonian Ransomware Operator Sentenced to Prison in US
An Estonian man was sentenced to 66 months in prison in the United States for his role in ransomware attacks that caused more than $53 million in losses.
The cybercriminal, Maksim Berezan, who was arrested in Latvia and later extradited to the United States, pleaded guilty in April 2021 to conspiracy to commit wire fraud and device fraud.
Critical Remote Code Execution Vulnerability in Sophos Firewall
Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product.
Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases.












