Volexity cybersecurity experts: The North Korea’s APT uses a fake trading website, that mimic a legit one, and DLL Side-loading to distribute the malware.
Apple patches the zero-day flaw CVE-2022-22620. Security updates for iOS, iPadOS and macOS. The vulnerability is actively exploited by cybercrime actors
Apple released new cyber security updates to fix a zero-day vulnerability exploited actively by cybercrime actors to hack the company device systems: the iOS 15.3.1, the iPadOS 15.3.1 and the Monterey 12.2.1. The CVE-2022-22620 allows attackers to execute arbitrary code on iOS and iPadOS after processing maliciously crafted web content. Furthermore, the flaw has been used for targeted aggressions on macOS. According to the company, “processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” As Bleeping Computer reports, the CVE-2022-22620 is the third 0-day vulnerability patched by Apple in 2022. The other two were the CVE-2022-22587 and the CVE-2022-22594, both solved in January.