Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20.  The tech giant stated that the two bugs in its WebKit browser engine were being actively exploited in the wild.  The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

A collection of security vulnerabilities named LogoFAIL affects image-parsing components in the Unified Extensible Firmware Interface (UEFI) code from different vendors. According to researchers, attackers could use the vulnerabilities to hijack the execution flow of the booting process and deliver bootkits. Since the problems are in image-parsing libraries, which vendors use to display logos during the booting routine, they have a significant impact. They extend to x86 and ARM architectures.

According to Hornetsecurity, even though there has been an increase in the adoption of collaboration and instant messaging software, email remains a significant concern regarding cyberattacks. The threat of cybercriminals using malicious web links in emails is growing. An analysis of 45 billion emails revealed a 144 percent increase in this type of attack over the last year, rising from 12.5 percent of all threats in 2022 to 30.5 percent in 2023. However, phishing is still the most common email attack method.

Patrick Wardle, a cybersecurity researcher specializing in Apple products, has analyzed a new macOS ransomware named Turtle.  Wardle noted that Turtle ransomware is currently not sophisticated, but the malware's existence indicates that cybercriminals continue to show an interest in targeting macOS users.  Versions of the Turtle ransomware have also been created for Windows and Linux systems.  Wardle stated that the malware was developed in Go and, based on strings found in the binary, "Turtle" appears to be the name given by its author.

According to a team of researchers from Google DeepMind, Cornell University, and four other universities who tested ChatGPT's vulnerability to leaking data when prompted in a certain way, getting it to repeat the same word can cause it to regurgitate large amounts of its training data, including Personally Identifiable Information (PII) and other scraped data. This article continues to discuss the hacking method demonstrated to extract ChatGPT training data.

The Leica M11-P, which was announced in late October, is the world's first camera to support content credentials, an encryption technology that ensures the authenticity of photos taken by the camera. The metadata system can track a photo from when it is taken to when it is published, logging every change made along the journey. Once published, the photo can show a small interactive icon that provides information, such as the device used to take it, the programs used to edit it, and whether the image is entirely or partially Artificial Intelligence (AI)-generated.

A study published in the International Journal of Business Information Systems used social network analysis to look at the most important and influential users employing Pretty Good Privacy (PGP) data encryption. The study aimed to identify areas where there could be problems that could lead to data compromise. The team behind the study pointed out that PGP is most commonly used in email protection. However, there is the issue of ensuring that the encryption keys being used have not been forged. This article continues to discuss key findings from the study.

A new report reveals that the Uzbekistan Ministry of Foreign Affairs and people in South Korea are being targeted by hackers based in China using the SugarGh0st malware strain. Cisco highlighted the malware, which researchers believe is a variant of Gh0st RAT. Gh0st RAT has been used by different Advanced Persistent Threat (APT) groups for over a decade against diplomatic, political, economic, and military targets globally. In the latest campaign, researchers discovered four samples launched as part of the campaign, including one sent to users in the Uzbekistan Ministry of Foreign Affairs.

According to a new study from Cardiff Metropolitan University, only 5 percent of UK adults understand the significance of the padlock in the Internet browser's address bar, posing a threat to online safety. The padlock icon on a web browser indicates that the data sent between the web server and the user's computer is encrypted and cannot be read by others. Researchers got various wrong answers when they asked people what they thought it meant. This article continues to discuss findings from the study and what it means for online safety.

Artificial Intelligence (AI)-driven social engineering attacks are reshaping the threat landscape. AI has emerged as a significant tool for manipulation, helping to stage attacks with precision and personalization far exceeding the capabilities of its human predecessors. The ability to digest and interpret large datasets and learn from them is at the heart of AI and Machine Learning (ML). Targeting and personalization at scale are some of the goals of cybercriminals.