![]() The advisory notes, “CISA and co-sealers identified an array of threat actor activity, to include overlapping TTPs across multiple APT actors. Patches for both exploits have been available since early this year. The joint advisory includes an extensive description of the threat activity, advice on detection, and recommendations for mitigating risk. The threat actors gained access via CVE-2022-47966 in Zoho ManageEngine ServiceDesk Plus and CVE-2022-42475 in FortiOS SSL-VPN. ![]() Several nation-state actors exploited two vulnerabilities to attack an organization in the aeronautical sector, according to a joint advisory released yesterday by the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and US Cyber Command’s Cyber National Mission Force (CNMF). "Multiple nation-state actors" target the aerospace sector. Both Apple and Citizen Lab characterize this threat as "mercenary spyware," that is, it's spyware sold to a variety of actors, especially government security services, without having any essential political connections. The patches will protect users against BLASTPASS so will enabling Apple's Lockdown Mode on the device.Ĭitizen Lab found BLASTPASS on the device used by "a Washington DC-based civil society organization with international offices. "Apple is aware of a report that this issue may have been actively exploited." The report of active exploitation came from the University of Toronto's Citizen Lab, which found evidence that NSO Group’s Pegasus spyware was being installed in vulnerable devices through a zero-click exploit the Lab calls "BLASTPASS." The attacks used PassKit attachments sent as iMessage images. "A maliciously crafted attachment may result in arbitrary code execution," the company said in its advisories. ![]() The patches affect macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, and watchOS 9.6.2. Yesterday Apple issued three emergency patches for a vulnerability that could be exploited to install spyware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |