Surprisingly, Windows Is Not Included In The Patch Bonanza
If you are running iOS 16, macOS 13 Ventura, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2, you had better get patching! There are two zero-days out there that you are vulnerable to, and they are rather nasty. One is a kernel-level flaw that can be leveraged to execute arbitrary code with kernel privileges, while the second is a WebKit bug that will execute code if you end up on a malicious website. They are both being exploited as you read this, so start that update now.
Linux users shouldn’t snicker right now, as Linux and Linux-based IoT devices are being hijacked as part of a new and quite large campaign. If an attacker can gain access to your device somehow, they will inject a trojanized OpenSSH package which will happily steal all your SSH credentials, while hiding itself under different SSH credentials. There is no solution as of yet, but Bleeping Computer has a detailed description of the attack which may help you determine whether you are a victim.
Last but not least, a new version of the Mirai botnet is targeting D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices. There are 22 flaws for the botnet to choose from, and the targets include far more than routers: there are vulnerable digital and network video recorders, WiFi communication dongles, thermal monitoring systems, access control systems, and even solar power generation monitors. The list of vulnerabilities is available at Bleeping Computer, along with suggestions on mitigation.
One of the vulnerabilities, CVE-2023-32434, is a kernel-level flaw that can allow apps to "execute arbitrary code with kernel privileges." The other, a WebKit bug labeled CVE-2023-32439, can allow the execution of arbitrary code after processing "maliciously crafted web content."