Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)
Apple has released security updates for – pardon the pop-culture reference – everyhing everywhere all at once, and has fixed the WebKit vulnerability …
How ChatGPT is changing the cybersecurity game
The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos …
Sophos improves cyberthreat defenses with endpoint security advancements
Sophos introduced innovative advancements to its portfolio of endpoint security offerings. New adaptive active adversary protection; Linux malware protection enhancements; …
CISA releases ESXiArgs ransomware recovery script
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess …
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …
Cybercriminals are scamming each other, tipping off law enforcement
Cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams, according to Sophos. For this report, Sophos experts …
Sophos introduces new threat detection and response capabilities within its MDR offering
Sophos has released Sophos Managed Detection and Response (MDR) with new threat detection and response capabilities. Sophos is the endpoint security provider to integrate …
Sophos expands its MDR offering to include compatibility with third-party cybersecurity products
Sophos has launched new third-party security technology compatibilities with Sophos Managed Detection and Response (MDR) to better detect and remediate attacks across diverse …
Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)
A freshly fixed vulnerability (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days, worrying it could …
RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic …
Exploiting stolen session cookies to bypass multi-factor authentication (MFA)
Active adversaries are increasingly exploiting stolen session cookies to bypass multi-factor authentication (MFA) and gain access to corporate resources, according to Sophos. …
Photos: Black Hat USA 2022
Here’s a photo gallery that provides a look inside Black Hat USA 2022. For our complete coverage of the conference, live from Las Vegas, check out our microsite. Bayside …