Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities
Sep22

Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities

Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A vulnerability – CVE-2023-41991 – in the Apple security framework could be exploited to allow a malicious app to bypass signature validation. A vulnerability has been identified in the WebKit browser engine – CVE-2023-41993 – that could be exploited via a...

Read More
Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft
Sep19

Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft

Security researchers at Wiz have identified a major leak of internal data at Microsoft. The breach occurred three years ago in 2020 when an employee shared a URL for a blob store in a public GitHub repository while contributing to open source AI learning models. Wiz reported the data leak to the Microsoft Security Response Center (MSRC) in June, and on Monday, MSRC issued an advisory confirming this was an internal data leak involving...

Read More
TikTok Slapped with €345 Million Fine for Child Privacy Violations
Sep18

TikTok Slapped with €345 Million Fine for Child Privacy Violations

The Data Protection Commission (DPC) in Ireland has fined TikTok €345 million ($368 million) for multiple violations of the General Data Protection Regulation (GDPR) related to the processing of children’s personal information and other child privacy issues. The DPC initiated an investigation of TikTok to determine if the company was fulfilling its obligations under the GDPR to protect the privacy of child users of the platform. The...

Read More
Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability
Sep13

Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability

Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow issue in the WebP code library. This type of vulnerability results in more data being written for a memory buffer than the buffer is able to hold, which can result in an application crashing or code execution. While Google has confirmed that there is an exploit...

Read More
Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday
Sep13

Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday

September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are rated critical, 55 are rated important, 1 is rated moderate, and the severity of 5 is unknown. The actively exploited vulnerabilities are: CVE-2023-36802 – Microsoft Streaming Service Proxy elevation of privilege vulnerability that allows attackers to gain...

Read More