UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following a breach at a supplier.
Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability
According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo
A flaw was found in Red Hat’s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
A flaw was found in APICast, when 3Scale’s OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution.
macOS Sonoma is the current major release of macOS
Safari is a web browser developed by Apple
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Lorraine Dryland, CISO at First Sentier Investors, discusses how to help executives make fast and informed decisions when presented with a ransomware demand
