Tag: apple
-
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Researchers recently warned that threat actors…
-
Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says
In a report released on Monday, threat intelligence specialists at Microsoft said that they have discovered the new XCSSET strain in limited attacks. XCSSET, first spotted in the wild in August 2020, spreads by infecting Xcode projects, which developers use to create apps for Apple devices. First seen on therecord.media Jump to article: therecord.media/hackers-use-macos-malware-to-steal-crypto
-
New Variant of macOS Threat XCSSET Spotted in the Wild
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-variant-macos-threat-xcsset
-
Renderbilder vom iPhone 17 Air aufgetaucht: Kopiert Apple jetzt einen Konkurrenten?
First seen on t3n.de Jump to article: t3n.de/news/renderbilder-vom-iphone-17-air-aufgetaucht-kopiert-apple-jetzt-einen-konkurrenten-1673690/
-
New XCSSET Malware Variant Targeting macOS Notes App and Wallets
Microsoft warns Apple developers about a new XCSSET malware variant targeting macOS, posing security risks through stealthy infections… First seen on hackread.com Jump to article: hackread.com/xcsset-malware-variant-targets-macos-notes-wallets/
-
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).TA2727 is a “threat…
-
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm
Xcode developers targeted through infected projects: Microsoft reported that XCSSET continues to spread via compromised Xcode projects, a technique that has been in use since the malware’s discovery in 2020. Once an infected project is cloned or downloaded, the malware can embed itself within the developer’s system and further propagate when the infected code is…
-
New XCSSET macOS malware variant used in limited attacks
Microsoft discovered a new variant of the Apple macOS malware XCSSET that was employed in limited attacks in the wild. Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular macOS malware that targets users by infecting Xcode projects, it has been active since at…
-
Privacy Roundup: Week 7 of Year 2025
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.”Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on…
-
XCSSET macOS malware returns with first new version since 2022
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert First seen on theregister.com Jump to article: www.theregister.com/2025/02/17/macos_xcsset_malware_returns/
-
New XCSSET Malware Targets macOS Users Through Infected Xcode Projects
Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant introduces advanced obfuscation techniques, updated persistence mechanisms, and novel infection strategies, making it more challenging…
-
USB-C bei iPhone und Mac absichern: MDM-Admins dürfen Sicherheit reduzieren
Eigentlich sorgt der sogenannte USB-Restricted-Mode dafür, dass sich Apple-Geräte nur schwer über den USB-C-Port angreifen lassen. Admins können das verhindern. First seen on heise.de Jump to article: www.heise.de/news/USB-C-bei-iPhone-und-Mac-absichern-MDM-Admins-duerfen-Sicherheit-reduzieren-10279840.html
-
UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking
In this episode, we discuss the UK government’s demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse……
-
Security Affairs newsletter Round 511 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog…
-
U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: This week Apple released…
-
What is an encryption backdoor?
Talk of backdoors in encrypted services is once again doing the rounds after reports emerged that the U.K. government is seeking to force Apple to open up iCloud’s end-to-end encrypted (E2EE) device backup offering. Officials were said to be leaning on Apple to create a >>backdoor
-
The Official DOGE Website Launch Was a Security Mess
Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire. First seen on wired.com Jump to article: www.wired.com/story/the-official-doge-website-launch-was-a-security-mess/
-
Texas investigating DeepSeek for violating data privacy law
Attorney General Ken Paxton’s office requested relevant documents from Google and Apple, seeking their “analysis” of DeepSeek and asking what documentation they required from the company before they made it available on their app stores. First seen on therecord.media Jump to article: therecord.media/texas-investigating-deepseek-privacy
-
Congress is PISSED at British Backdoor Bid, but Apple Stays Shtum
Just meet me at the ADP: Sen. Ron Wyden and Rep. Andy Biggs got no love for the United Kingdom First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/uk-apple-e2ee-richixbw/
-
UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple
US administration asked to kick UK out of 65-year-old UK-US Five Eyes intelligence sharing agreement after secret order to access encrypted data of Apple users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619170/UK-accused-of-political-foreign-cyberattack-on-US-after-serving-secret-snooping-order-on-Apple
-
Watchdog ponders why Apple doesn’t apply its strict app tracking rules to itself
Germany’s Federal Cartel Office voices concerns iPhone maker may be breaking competition law First seen on theregister.com Jump to article: www.theregister.com/2025/02/14/apple_app_tracking_probe/
-
Kartellamt meldet Bedenken gegen App-Tracking an
Das Bundeskartellamt untersucht seit 2022 Apples App Tracking Transparency Framework – und hat nun Anzeichen für einen Wettbewerbsvorteil gefunden. First seen on golem.de Jump to article: www.golem.de/news/apple-kartellamt-meldet-bedenken-gegen-app-tracking-an-2502-193340.html
-
UK accused of political ‘foreign cyberattack’ on US after serving secret snooping order on Apple
US administration asked to kick UK out of 65-year-old UK-USA “Five Eyes” intelligence sharing agreement after secret order to access encrypted data of Apple users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619170/UK-accused-of-political-foreign-cyberattack-on-US-after-serving-secret-snooping-order-on-Apple
-
Top cryptography experts join calls for UK to drop plans to snoop on Apple’s encrypted data
Some of the world’s leading computer science experts have signed an open letter calling for the Home secretary, Yvette Coooper to drop a controversial secret order to require Apple to provide access to people’s encrypted data First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619260/Top-cryptography-experts-join-calls-for-UK-to-drop-plans-to-snoop-on-Apples-encrypted-data
-
US lawmakers press Trump admin to oppose UK’s order for Apple iCloud backdoor
Senator, Congressman tell DNI to threaten infosec agreements if Blighty won’t back down First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/us_demand_uk_apple_backdoor_close/
-
The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/
-
Breaking macOS Apple Silicon Kernel Hardening: KASLR Exploited
Security researchers from Korea University have successfully demonstrated a groundbreaking attack, dubbed SysBumps, which bypasses Kernel Address Space Layout Randomization (KASLR) in macOS systems powered by Apple Silicon processors. This marks the first successful breach of KASLR on Apple’s proprietary ARM-based architecture, revealing significant vulnerabilities in the kernel hardening mechanisms of modern macOS systems. KASLR…