Author: nlqip
A process of the Shortcuts app, com.apple.WorkflowKit.BackgroundShortcutRunner, which executes shortcuts in the background on Apple devices can still, despite being sandboxed by TCC, access some sensitive data. This allows for crafting a malicious shortcut, which can then be circulated through Shortcut’s sharing mechanism. “This sharing mechanism extends the potential reach of the vulnerability, as users unknowingly import…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summary Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users…
Read More
ESET products and research have been protecting Ukrainian IT infrastructure for years. Since the start of the war in February 2022, we have prevented and investigated a significant number of attacks launched by Russia-aligned groups. We have also published some of the most interesting findings on WeLiveSecurity: Even though our main focus remains on analyzing…
Read More
Feb 23, 2024NewsroomData Privacy / iOS Security Details have emerged about a now-patched high-severity security flaw in Apple’s Shortcuts app that could permit a shortcut to access sensitive information on the device without users’ consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of…
Read More
Digital Security You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission. 22 Feb 2024 • , 6 min. read A common message that any user of a social platform like Discord might see sometimes…
Read More
Feb 23, 2024NewsroomPrivacy / Regulatory Compliance The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users’ browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-018 DATE(S) ISSUED: 02/08/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of…
Read MoreApply appropriate updates provided by Juniper to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read More
After more than two years the Australian government is back to the top five sectors with the most reported data breaches to the Office of the Australian Information Commissioner (OAIC). The Australian government is also the only of the five sectors that had human error as the top cause of data breaches. The Notifiable Data…
Read More
After a year in which AI has become ubiquitous, it’s time to prove that we know how to use it, and to move towards a more professional use of it in our work routine, Check Point CEO Gil Shwed told attendees at the company’s CPX 2024 event in Vienna on Wednesday. The company presented a…
Read More