Found 12 bookmarks
Custom sorting
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
#mikko-kenttala#EN#2024#Critical#zero-click#macos#vulnerability
·mikko-kenttala.medium.com·
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Russian Military Cyber Actors Target US and Global Critical Infrastructure
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
#cisa#EN#2024#FBI#CISA#GRU#Global#Critical#Infrastructure#Unit29155#GRU-affiliated
·cisa.gov·
Russian Military Cyber Actors Target US and Global Critical Infrastructure