Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Tue Apr 11 2023 12:55:39

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***
	
Attention gamers! Motherboard maker MSI admits to breach, issues "rogue
firmware" alert

Stealing private keys is like getting hold of a medieval monarch's
personal signet ring...you get to put an official seal on treasonous
material.

***
	
Apple zero-day spyware patches extended to cover older Macs, iPhones
and iPads

That double-whammy Apple browser-to-kernel spyware bug combo we wrote
up last week? Turns out it applies to all supported Macs and iDevices -
patch now!

***

Popular server-side JavaScript security sandbox "vm2" patches remote
execution hole

The security error was in the error handling system that was supposed
to catch potential security errors...

***

Apple issues emergency patches for spyware-style 0-day exploits - update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from
the wild by Amnesty International.

***

S3 Ep129: When spyware arrives from someone you trust

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there 
should be TWO World Backup Days... listen now!
--- SBBSecho 3.14-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.