Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Apple patches actively exploited iOS 17 vulnerability. Qakbot's survival of a major takedown. BADBOX puts malware into the device supply chain. LoonyTunables and a privilege-escalation risk. Scattered Spider believed responsible for cyberattack against Clorox. Sony discloses information on its data breach. In today’s Threat Vector segment, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. Dave Bittner sits down with Eric Goldstein, Executive Assistant Director at CISA, to discuss shared progress against the ransomware threat. And the Kremlin tightens control over the Russian information space.
On this segment of Threat Vector, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat.
Selected reading.
Apple emergency update fixes new zero-day used to hack iPhones (BleepingComputer)
Apple releases iOS 17.0.3 to address iPhone 15 overheating issues (Computing)
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day (SecurityWeek)
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (Cisco Talos Blog)
HUMAN Disrupts Digital Supply Chain Threat Actor Scheme Originating from China (HUMAN)
Trojans All the Way Down: BADBOX and PEACHPIT (Human)
'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover (Dark Reading)
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions (The Hacker News)
Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg)
Clorox Warns of a Sales Mess After Cyberattack (Wall Street Journal)
Sony confirms data breach impacting thousands in the U.S. (BleepingComputer)
Sony sent data breach notifications to about 6,800 individuals (Security Affairs)
Russian Offensive Campaign Assessment, October 4, 2023 (Institute for the Study of War)