Apple patches actively exploited vulnerabilities against Pegasus spyware
Apple has fixed two critical vulnerabilities for iOS and macOS. The vulnerabilities allowed the Pegasus spyware to be installed on fully updated iPhones.
The vulnerabilities CVE-2023-41064 and CVE-2023-41061 were actively exploited to install the Pegasus spyware from the Israeli company NSO Grou... Read more
Apple releases latest security patches for older devices
Last week's security updates are now available for older iPhones, iPads, and Macs.
This week Apple released iOS and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 to patch two security vulnerabilities in older devices that are still receiving software updates but aren’t capable... Read more
Apple: not all security issues are addressed in older macOS versions
Apple released a document clarifying its security patch policy. Although most of the information isn't new, Apple clarified one aspect it hasn't before. Older versions of macOS and iOS receive security updates, but only devices running the most recent versions should expect to be completely protect... Read more
Google issues another update to fix a zero-day in Chrome
Google issued an update to the Stable channel of its Chrome browser on Wednesday containing a patch for a vulnerability currently in the wild.
According to Google's alert, CVE-2022-2856 is a remedy for "insufficient validation of untrusted input in Intents." Intents often convey data from one pr... Read more
IT and security teams struggle with patching due to complexity, time, and efficiency
It is no secret that many cyberattacks happen because systems have vulnerabilities in software that haven’t been patched yet. However, in 2021, why do companies seem to be slacking on providing the much-needed patches?
Ivanti Inc just published a new report answering that question. The company... Read more
Hackers breached Pulse Secure VPN of companies and government agencies
Suspected Chinese state-sponsored hackers exploited vulnerabilities in Pulse Secure LLC virtual private network appliances, breaching multiple U.S. government agencies.
The attacks were confirmed by FireEye, Pulse Secure itself and the U.S. Department of Homeland Security’s Cybersecurity and ... Read more