Tag: macOS
-
Security and more: What's in the latest updates for Mac, iPhone and iPad
Apple has published further information on iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5 as well as macOS 13.7.4, 14.7.4 and 15.3.1. Unfortunately, not in much detail. First seen on heise.de Jump to article: www.heise.de/news/Sicherheit-und-mehr-Das-steckt-in-den-juengsten-Updates-fuer-Mac-iPhone-und-iPad-10277332.html
-
iOS, iPadOS, macOS, watchOS and visionOS: Apple operating systems receive security updates
iOS 18.3.1 closes a critical security vulnerability. With 8.4, Apple Intelligence is supposed to come to the EU. First seen on golem.de Jump to article: www.golem.de/news/ios-ipados-macos-watchos-und-visionos-apple-betriebssysteme-erhalten-sicherheitsupdates-2502-193213.html
-
Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t
By Aleksandar Nikolich. Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing First seen on blog.talosintelligence.com Jump to…
-
Infostealers Aimed At MacOS Surges
Tags: macOS
First seen on scworld.com Jump to article: www.scworld.com/brief/infostealers-aimed-at-macos-surges
-
Ghidra 11.3 Released: A Major Update to NSA’s Open-Source Tool
Tags: cyber, cybersecurity, linux, macOS, open-source, reverse-engineering, software, tool, update, windows
The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework. Known for its robust capabilities in analyzing compiled code across multiple platforms, including Windows, macOS, and Linux, this release introduces significant enhancements aimed at improving performance and usability for cybersecurity professionals. One of the…
-
Infostealers targeting macOS jumped by 101% in second half of 2024
Tags: macOS
First seen on scworld.com Jump to article: www.scworld.com/news/infostealers-targeting-macos-jumped-by-101-in-second-half-of-2024
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence. According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
Password Stealing Malware Attacking macOS Users Increasing Rapidly
In a concerning trend, macOS users are facing an unprecedented rise in password-stealing malware attacks. Recent cybersecurity reports reveal a 101% surge in macOS infostealers during the latter half of 2024, marking these threats as the most significant category of new malware targeting Apple devices. Infostealers such as Atomic Stealer, Poseidon Stealer, and Cthulhu Stealer…
-
FlexibleFerret malware targets the macOS via North Korea job campaign
First seen on scworld.com Jump to article: www.scworld.com/news/flexibleferret-malware-targets-the-macos-via-north-korea-job-campaign
-
MacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild. The discovery of the samples was made by SentinelOne researchers who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
Apple’s macOS Kernel Vulnerability (CVE-2025-24118) Exposes Users to Privilege Escalation Attacks, PoC Released
A critical privilege escalation vulnerability in Apple’s macOS kernel has been revealed, posing a significant risk to users. The flaw, identified as CVE-2025-24118, affects multiple versions of macOS, iPadOS, and macOS Sequoia. Security researcher Joseph Ravichandran (@0xjprx) from MIT CSAIL brought this issue to light, demonstrating how a race condition in the macOS XNU kernel could lead to…
-
State-linked hackers deploy macOS malware in fake job interview campaign
Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korean-hackers–fake-interview/739165/
-
22 New Mac Malware Families Seen in 2024
Nearly two dozen new macOS malware families were observed in 2024, including stealers, backdoors, downloaders and ransomware. The post 22 New Mac Malware Families Seen in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/22-new-mac-malware-families-seen-in-2024/
-
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. “Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some…
-
N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams
N. Korean ‘FlexibleFerret’ malware targets macOS with fake Zoom apps, job scams, and bug report comments, deceiving users… First seen on hackread.com Jump to article: hackread.com/north-korea-flexibleferret-malware-macos-fake-zoom-job-scams/
-
Microsoft Sets End Date for Defender VPN
Though Windows, iOS, and macOS users won’t need to make any changes, Android users are advised to remove their Defender VPN profiles. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/microsoft-sets-end-date-for-defender-vpn
-
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. “Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy…
-
SparkRAT: A Persistent Cross-Platform Cyber Threat Targeting macOS and Beyond
Since its initial release on GitHub in 2022 by user XZB-1248, SparkRAT has evolved into a widely used First seen on securityonline.info Jump to article: securityonline.info/sparkrat-a-persistent-cross-platform-cyber-threat-targeting-macos-and-beyond/
-
Hackers Attacking Windows, macOS, and Linux systems With SparkRAT
Researchers have uncovered new developments in SparkRAT operations, shedding light on its persistent use in malicious campaigns targeting macOS users and government organizations. The findings, detailed in a recent report, underscore the evolving tactics of threat actors leveraging SparkRAT’s modular framework and cross-platform capabilities across Windows, macOS, and Linux. SparkRAT’s Communication Originally released on GitHub…
-
Apple Security Update: Patch for iOS Zero-day, macOS and More
Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation. The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment to user security and privacy. Patch Details The updates, released on January 27, 2025, include…
-
Homebrew macOS Users Targeted With Information Stealer Malware
A malicious campaign has been redirecting macOS users to a fake Homebrew website, infecting them with information stealer malware. The post Homebrew macOS Users Targeted With Information Stealer Malware appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/homebrew-macos-users-targeted-with-information-stealer-malware/
-
Fake Homebrew site leverages Google ads to target macOS, Linux devices
First seen on scworld.com Jump to article: www.scworld.com/news/fake-homebrew-site-leverages-google-ads-to-target-macos-linux-devices
-
New threat for macOS: AmosStealer wants your crypto wallets
Dangerous malware AmosStealer attacks Mac users: protect passwords and crypto wallets from theft now! First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/neue-bedrohung-fuer-macos-amosstealer-will-eure-krypto-wallets-308494.html
-
Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users
Tags: 2fa, advisory, authentication, cve, fido, flaw, linux, macOS, mfa, open-source, risk, software, threat, vulnerability
Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue, tracked as CVE-2025-23013, allows for a partial bypass of 2FA protections when using YubiKeys or other FIDO-compatible authenticators. The vulnerability poses a high-risk security threat and could potentially compromise…
-
CVE-2024-44243 macOS flaw allows persistent malware installation
Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS’s System Integrity Protection (SIP). Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with >>root
-
Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP
CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection… First seen on hackread.com Jump to article: hackread.com/microsoft-macos-flaw-cve-2024-44243-bypassing-sip/

