
Security Risks in Hardware and Software Supply Chains: Patches, Proofs-of-Concept, and Recent Incidents at Major Corporations. Examining Online Surveillance and Social Credit in Russia.


Apple has released an emergency update to fix a new zero-day vulnerability in iOS 17 that has been actively exploited by attackers to compromise iPhones. The update, labeled iOS 17.0.3, also addresses overheating issues on iPhone 15 devices. The vulnerability, which was discovered by security researchers, allowed attackers to gain unauthorized access to iOS devices and potentially steal sensitive user information.

According to reports, the zero-day vulnerability was being used in a targeted hacking campaign, although the exact scope and scale of the attacks are still unknown. Apple has not disclosed any details about the hackers or their motives. The company is urging all iPhone users to update their devices to the latest version of iOS to protect themselves from potential attacks.

In other cybersecurity news, it has been reported that Qakbot-affiliated actors are continuing to distribute the Ransom Knight malware despite a recent takedown of their infrastructure. Qakbot is a notorious banking trojan that has been active since 2007 and has evolved over time to include ransomware capabilities. The recent takedown of the infrastructure used by Qakbot has not stopped its operators from carrying out their malicious activities.

Meanwhile, the cybersecurity company HUMAN has disrupted a threat actor's digital supply chain scheme originating from China. The scheme, known as BADBOX, involved the insertion of malware into the device supply chain. HUMAN’s detection and mitigation efforts have helped protect numerous organizations from falling victim to this supply chain attack.

Another cybersecurity vulnerability making headlines is a bug called LooneyTunables, which has been discovered in millions of Linux systems. This bug, when exploited, allows attackers to gain root-level access to Linux systems, potentially enabling them to take full control of the affected devices. The bug affects major Linux distributions and poses a significant risk to users who may be unaware of its existence.

In relation to cyberattacks, it has been revealed that the Scattered Spider group is believed to be responsible for a recent cyberattack against Clorox. The group, which has previously targeted casinos, is suspected to have gained unauthorized access to Clorox’s systems and potentially stolen sensitive data. Clorox has warned of a potential impact on its sales as a result of the cyberattack.

Furthermore, Sony has confirmed a data breach that has impacted thousands of individuals in the United States. The breach, which was discovered by the company’s security team, has resulted in the exposure of sensitive information belonging to customers. Sony has sent data breach notifications to approximately 6,800 individuals who may have been affected by the incident.

Lastly, in a separate development, the Kremlin has tightened control over the Russian information space. This move comes as part of the Russian government’s efforts to increase its influence over the flow of information within the country. The measure is seen as a further step in the government’s ongoing campaign to control and regulate the internet and social media platforms.

Overall, these cybersecurity incidents highlight the ongoing challenges and threats faced by individuals and organizations in the digital world. It is crucial for users to remain vigilant and keep their devices updated with the latest security patches to protect themselves from potential cyberattacks. Additionally, authorities and cybersecurity companies should continue to collaborate and share information to mitigate the risks posed by cybercriminals.
