The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks.
“A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time,” the Dragos researchers said in a newly released annual report. “This R&D informs their future campaigns and ultimately increases their disruptive capabilities.”
almost 4 years ago, with Windows 10 1903, after more than a year
beta-testing in insider previews, Microsoft finally released UTF-8
support for the -A interfaces of the Windows API.
Posted by Apple Product Security via Fulldisclosure on Feb 14
APPLE-SA-2023-02-13-3 Safari 16.3.1
Safari 16.3.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213638.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed…
Posted by Apple Product Security via Fulldisclosure on Feb 14
APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1
macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213633.
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of…
Posted by Apple Product Security via Fulldisclosure on Feb 14
APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1
iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213635.
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel…
Posted by Martin Heiland via Fulldisclosure on Feb 14
Dear subscribers,
we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.
