Morning Bowl - 2022-08-19

Welcome to another Morning Bowl breakout:

S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
Latest episode - listen now (or read if you prefer!)

Apple patches double zero-day in browser and kernel – update now!
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware
A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It

China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year
The Chinese advanced persistent threat (APT) actor tracked as Winnti has targeted at least 13 organizations geographically spanning across the U.S., Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation,"

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below: CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing specially crafted web content. CVE-2022-32894 - An