Surprisingly, Windows is not included in the Bonanza patch
If you’re using iOS 16, macOS 13 Ventura, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2, you’d better get patches! There are two zero days out there that you are vulnerable to and they are pretty bad. One is a kernel-level flaw that can be exploited to execute arbitrary code with kernel privileges, while the second is a WebKit bug that will execute code if you end up on a malicious website. Both are being exploited as you read this, so start the update now.
Linux users shouldn’t be giggling right now, as Linux and Linux-based IoT devices are being hijacked as part of a new and rather large campaign. If an attacker somehow gains access to your device, he will inject a trojanized OpenSSH package that will happily steal all of your SSH credentials, hiding under different SSH credentials. There is no solution yet, but Bleeping Computer has a detailed description of the attack which can help you determine if you are a victim.
Last but not least, a new version of the Mirai botnet targets D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear and MediaTek devices. There are 22 flaws for the botnet to choose from, and targets include far more than routers, there are vulnerable network and digital video recorders, WiFi communication dongles, thermal monitoring systems, access control systems, and even video generation monitors. solar power. The list of vulnerabilities is available on Bleeping Computer along with mitigation suggestions.
