Apple issued another patch to stop TriangleDB cyber snooping The Register

Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops. The vulnerability, tracked as CVE-2023-32434, "May have been actively exploited against versions of iOS released before iOS 15.7," according to Apple's security update. Exploiting this flaw allows the execution of arbitrary code with kernel privileges. This is the second patch that Apple has issued to fix the vulnerability. In July, the company released an update addressing the same issue for nearly every iPhone and iPad model as well as Apple Watches series 3 and later, and computers running macOS Ventura, Monterey, and Big Sur. This week's patch fixes CVE-2023-32434 in iOS 15.8 and iPadOS 15.8, and the update is available for iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch. Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, Boris Larin, and Valentin Pashkov discovered the bug and reported it to Apple. According to the threat intel team, it was one of four then-zero-day vulnerabilities they found while investigating an espionage campaign dubbed Operation Triangulation. The other three bugs discovered by Kaspersky researchers are: CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990, and they were used by still-unknown cyber spies to compromise essentially all manner of Apple products. Kaspersky first reported on the previously unknown spyware on June 1, saying it had initially discovered TriangleDB on "Several dozen" iPhones belonging to its own top and middle-management via network traffic analysis. The spyware requires no user interaction to infect victims' devices, remains "Completely hidden" once it's planted, and then has access to all data and system information including microphone recordings, photos from messages and geolocation data, the Russian security shop said. "Following publication of the first report about the Operation Triangulation, we set up a mailbox for victims of similar attacks to be able to write to, and received emails from other users of Apple smartphones, claiming that they also found signs of infection on their devices," Kaspersky's global research and analysis team told The Register. These victims included security researchers based in Russia, Europe, the Middle East, Turkey and Africa. "Judging by the cyberattack characteristics we're unable to link this cyberespionage campaign to any existing threat actor," they added. IN response, Kaspersky has released a triangle check tool that automatically scans iOS device backups for possible TriangleDB indicators of compromise. The research team also promised to "Shed light on more technical details in the near future." .

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Apple issued another patch to stop TriangleDB cyber snooping The Register

Apple issued another patch to stop TriangleDB cyber snooping The Register - Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops. The vulnerability, tracked as CVE-2023-32434, "May have been actively exploited ...
10 months ago Theregister.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
8 months ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
7 months ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
8 months ago Scmagazine.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
4 months ago Therecord.media
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
5 months ago Cyberdefensemagazine.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
9 months ago Securityboulevard.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
10 months ago Techrepublic.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
9 months ago Techrepublic.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
10 months ago Darkreading.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 week ago Cyberdefensemagazine.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
6 months ago Cisa.gov
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
1 year ago Securityweek.com
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
8 months ago Securityzap.com
WebKit security hole found The Register - Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack. The software updates for iOS, iPadOS, macOS Sonoma, and Safari web browser address two bugs: an out-of-bounds read flaw tracked as ...
10 months ago Go.theregister.com
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
7 months ago Cybersecurity-insiders.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
3 months ago Heimdalsecurity.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
Cybersecurity Tops 2024 Global Business Risks - The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business ...
8 months ago Cybersecurity-insiders.com
75% Organizations Struggle with Recurring Cyber Attacks - In a time when advancements in technology rule these days, the constant risk of cyber attacks hangs over businesses all over the world. This study highlighted the difficulties Chief Information Security Officers encounter during cyber attacks. This ...
10 months ago Securityboulevard.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
4 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)