Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

Laura FrenchDecember 1, 2023

iOS 17.1.2, macOS Sonoma 14.1.2 and Safari 17.1.2 updates resolve the vulnerabilities.

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Ransomware

Fidelity National Financial back to ‘normal business operations’ after cyberattack

Steve ZurierDecember 1, 2023

All roads in the FNF case lead to a ransomware incident, but there’s still no confirmation which group executed the attack or if a ransom was paid.

Ransomware

Black Basta’s ransom haul tops $100M in less than 2 years

Simon HenderyDecember 1, 2023

Analysis reveals 18 of ransomware gang Black Basta’s 300-plus victims were extorted over $1 million each, with one handed over $9 million.

Sign in Zoom app on laptop screen close up view

Bug Bounties

Zoom flaw enabled hijacking of accounts with access to meetings, team chat

Laura FrenchNovember 30, 2023

Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.

Generative AI

What can you get for $200? Several megabytes of ChatGPT training data

Steve ZurierNovember 30, 2023

The DeepMind researchers it was possible to launch a “Prompt Injection Attack” to extract more training data by spending more money querying the model.

Network security experts analyzing a firewall breach

Security Strategy, Plan, Budget

Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game

Laura FrenchNovember 30, 2023

Cybersecurity job security, vendor loyalty and board support after a breach were covered in a survey of 500 CISOs.

API security

Google 0-day browser bug under attack, patch available

Stephen WeigandNovember 30, 2023

One of the seven security updates Google released Nov. 28 for its Chrome browser is under active exploitation in the wild.

Vulnerability Management

Critical ownCloud bug ‘actively exploited’ after disclosure

Laura FrenchNovember 29, 2023

No confirmed hacking incidents tied to the ownCloud vulnerability has highest severity CVSS score of 10, publicly disclosed Nov. 21.

An Okta sign is seen on its headquarters in San Francisco.

Incident Response

All Okta customer support users exposed in October breach, company discloses

Steve ZurierNovember 29, 2023

While Okta did not report how many customers were affected, the company’s website says more than 18,000 customers use its platform.

Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

SolarWinds lawsuit by SEC puts CISOs in the hot seat

How secure Network-as-a-Service can help network transformation

AI: The new puppet master behind cyberattacks

It makes sense for the Biden administration to focus on software security – but it’s up to the industry to make it happen

Five IAM features that can make or break the business

In Brief

Significant Zyxel vulnerabilities addressed

Qlik Sense flaws leveraged in new CACTUS ransomware attacks

North Carolina city compromised in pre-Thanksgiving cyberattack

US states’ court record systems impacted by document-leaking vulnerabilities

Staples cyberattack disrupts online orders

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Fidelity National Financial back to ‘normal business operations’ after cyberattack

Black Basta’s ransom haul tops $100M in less than 2 years

Zoom flaw enabled hijacking of accounts with access to meetings, team chat

What can you get for $200? Several megabytes of ChatGPT training data

Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game

Google 0-day browser bug under attack, patch available

Critical ownCloud bug ‘actively exploited’ after disclosure

All Okta customer support users exposed in October breach, company discloses

EVENTS

Cyber threat Intelligence: Making sense of a chaotic world

Implementing a Practical AppSec Program: Expert Insights on Strategy & Execution

Network security in 2024: What has changed in the era of cloud computing, and how to adapt

A CISOs Guide to Effective Identity & Access Management (IAM) Practices and Technologies

AI & automation: Redefining and revolutionizing cyber

Cybersecurity News, Awards, Webinars, eSummits, Research

Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

SolarWinds lawsuit by SEC puts CISOs in the hot seat

How secure Network-as-a-Service can help network transformation

AI: The new puppet master behind cyberattacks

It makes sense for the Biden administration to focus on software security – but it’s up to the industry to make it happen

Five IAM features that can make or break the business

In Brief

Significant Zyxel vulnerabilities addressed

Qlik Sense flaws leveraged in new CACTUS ransomware attacks

North Carolina city compromised in pre-Thanksgiving cyberattack

US states’ court record systems impacted by document-leaking vulnerabilities

Staples cyberattack disrupts online orders

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Fidelity National Financial back to ‘normal business operations’ after cyberattack

Black Basta’s ransom haul tops $100M in less than 2 years

Zoom flaw enabled hijacking of accounts with access to meetings, team chat

What can you get for $200? Several megabytes of ChatGPT training data

Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game

Google 0-day browser bug under attack, patch available

Critical ownCloud bug ‘actively exploited’ after disclosure

All Okta customer support users exposed in October breach, company discloses

EVENTS

Cyber threat Intelligence: Making sense of a chaotic world

Implementing a Practical AppSec Program: Expert Insights on Strategy & Execution

Network security in 2024: What has changed in the era of cloud computing, and how to adapt

A CISOs Guide to Effective Identity & Access Management (IAM) Practices and Technologies

AI & automation: Redefining and revolutionizing cyber