A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)
Using Apple Devices?
Do this: Apply the latest Apple iOS security updates.
Why: Researchers have identified two vulnerabilities–tracked as CVE-2021-30860 and CVE-2021-30858–that both allow maliciously crafted documents to execute commands when opened on unpatched devices. While publicly-available exploit code has not been released, Apple has stated that they are aware of a report that these issues may have been actively exploited.
Additional Info: https://www.bleepingcomputer.com/news/apple/apple-fixes-ios-zero-day-used-to-deploy-nso-iphone-spyware/?fbclid=IwAR1tRRbTBlTEm_7ll0bGV_FAZXi44k6gIqK3t8MShT0Nxo1XNVJhCU04spg
US Cert: https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve
About the Author
Ryan Bradbury, CISSP, OSCP
Principal Consultant & Cofounder
As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.