Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade. [TechWeb]( Follow Dark Reading: [RSS]( July 02, 2024 LATEST SECURITY NEWS & COMMENTARY [Apple CocoaPods Bugs Expose Millions of Apps to Code Injection]( Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade. [Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw]( Although not yet exploited in the wild, the max-critical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns. ['RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems]( The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root. [Prudential Data Breach Victim Count Soars to 2.5M]( The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals. [Multi-Malware 'Cluster Bomb' Campaign Drops Widespread Cyber Havoc]( "Unfurling Hemlock" has deployed malware on tens of thousands of systems worldwide by nesting multiple malicious files inside other malicious files. [Thinking About Security, Fast & Slow]( To be effective, managing risk demands both fast responses and strategic thinking. [Google Opens $250K Bug Bounty Contest for VM Hypervisor]( If security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISA Flags Memory-Unsafe Code in Major Open Source Projects]( Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon. [CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. [Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race]( There is an extreme lack of evidence of AI-related danger, and proposing or implementing limits on technological advancement isn't the answer. [Hundreds of Thousands Impacted in Children's Hospital Cyberattack]( Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk. [MORE]( PRODUCTS & RELEASES [The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester - Notice of Data Security Incident]( [Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures]( [Landmark Admin, LLC Provides Notice of Data Privacy Incident]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Dark Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion." LATEST FROM THE EDGE [Name That Edge Toon: Cyber Cloudburst]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Apple's AI Moves Will Impact Future Chip, Cloud Security Plans]( Analysts say Apple's black-box approach provides a blueprint for rival chip makers and cloud providers. LATEST FROM DR GLOBAL [Papua New Guinea Sets High Bar in Data Security]( The small island nation's new data protection and governance policy reflects a forward-thinking cybersecurity strategy. WEBINARS - [Enhance Cloud Security with Cloud-Native Security]( In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers. - [Smart Service Management]( Attend this webinar to get real-life examples of how teams are expediting response time, decreasing team drain, and increasing self-service adoption. [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Hunting in the Cloud: Adapting to the New Landscape]( - [Dynamic Computing Calls for Cyber Resilience, Not Just Security]( - [Continuous Asset Discovery Do and Don'ts]( - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [How Cyber Threat Intelligence Empowers the C-Suite]( - [2024 InformationWeek US IT Salary Report]( - [SecOps Checklist]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124324&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_07.02.24&sp_cid=54115&utm_content=DR_NL_Dark%20Reading%20Daily_07.02.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#e6 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)