With threat actors taking just 60 seconds to move you from being attacked to hacked, Gmail responding to close down exploit loopholes and shady initial access brokers such as the ToyMaker looking for new flaws to use, the last thing you probably want to read is how Google has tracked 75 zero-day vulnerabilities exploited in the wild.
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently.
SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor published a .CSV file allegedly containing over 200 million records from X users.
For years, Apple has implemented strong encryption in the iPhone and most of its other products, resisting requests from Western governments to build backdoors into its encrypted software. Because, for years, we saw politicians in the US, UK, and other regions demand iPhone backdoors that law enforcement agencies can use when dealing with criminals hiding behind encrypted products and services.
…Fast-forward to early October, and a stunning report from The Wall Street Journal shows exactly what happens with backdoors in secure systems. A team of hackers associated with the Chinese government reportedly obtained access to critical infrastructure belonging to AT&T, Lumen, and Verizon that US law enforcement uses for wiretapping purposes.
Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to reconstruct text entered via gaze-controlled typing,” a group of academics from the University of Florida, CertiK Skyfall Team, and Texas Tech University said.
“The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar.”
Following responsible disclosure, Apple addressed the issue in visionOS 1.3 released on July 29, 2024. It described the vulnerability as impacting a component called Presence.
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others.
While Cloudflare says it is currently conducting scheduled maintenance in Singapore and Nashville, its status page does not indicate any problems.
However, for many users worldwide, when attempting to access websites utilizing Cloudflare, web browsers will display error messages stating they have trouble connecting to the server.
At the start of the 24/25 academic year, the Student Loans Company (SLC) is reminding students to be vigilant of smishing scams.
Scammers target students at this time of year as they receive their first maintenance loan payment. SLC is expecting to pay £2bn to students over the autumn term and last year it stopped £2.9m of maintenance loan payments being taken by smishing and phishing scams, where students received and acted on false communications.
Smishing, which is fraud involving text messages, is currently the most popular form of scam, with students usually being asked to click a link to complete a task – for example verifying bank details or confirming their personal information, providing an opportunity for a payment to be diverted to a scammer’s bank account.