Tag: macOS
-
Apple Pushes Major iOS, macOS Security Updates
Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code execution vulnerabilities. The post Apple Pushes Major iOS, macOS Security Updates appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-pushes-major-ios-macos-security-updates/
-
SPA is for Single-Page Abuse! Using Single-Page Application Tokens to Enumerate Azure
Author: Lance B. Cain. Overview: Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entities have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin…
-
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as Meetio,
-
EDR Software: A Buyer's Guide
Tags: ai, android, api, backup, browser, chrome, cloud, computing, crowdstrike, cyberattack, detection, edr, endpoint, firewall, identity, incident response, intelligence, iot, kubernetes, linux, macOS, mail, malware, microsoft, network, ransomware, risk, siem, soar, software, sophos, threat, tool, windows, zero-day
-
Moonlock’s 2024 macOS threat report
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/moonlocks-2024-macos-threat-report/
-
Windows, macOS users targeted with cryptoinfo-stealing malware
Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/06/information-cryptocurrency-stealing-malware-windows-macos/
-
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Tags: access, cybersecurity, exploit, flaw, macOS, network, remote-code-execution, tool, vpn, windows
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. “By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels…
-
Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild
Tags: apple, cve, cyber, exploit, flaw, macOS, remote-code-execution, software, threat, vulnerability
A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting multiple versions of Apple Safari across iOS, visionOS, and macOS platforms. This flaw, located within WebKit’s DFG JIT compiler, poses a significant threat by allowing remote code execution (RCE). Affected Software and Versions Here’s a table summarizing the affected software and…
-
Sophos Analyzes AMOS Infostealer: New Threat for macOS Users
To protect themselves from infostealers such as AMOS, users should install software only from reputable sources and be especially careful with P… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-analysiert-infostealer-amos-neue-bedrohung-fuer-macos-nutzer/a38249/
-
NokNok: New Malware Targets MacOS
The hacker group Charming Kitten has put NokNok into circulation, a new piece of malware that targets MacOS. Instead of Word files, … First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/noknok-neue-malware-hat-es-auf-macos-abgesehen
-
The Changing Threat Landscape: Infostealers and the MacOS goldmine
First seen on blog.f-secure.com Jump to article: blog.f-secure.com/infostealers-and-macos/
-
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack… First seen on threatpost.com Jump to article: threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
-
Godot Engine Exploited to Spread Malware on Windows, macOS, Linux
Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats. First seen on hackread.com Jump to article: hackread.com/godot-engine-malware-on-windows-macos-linux/
-
How Video Game Engines Are Abused for Hacking
Check Point Software Technologies has uncovered a new hacker scheme. Using the gaming engine, cybercriminals can attack various operating systems of networked devices, including Windows, MacOS, Linux, Android and iOS. The malicious code is distributed via the open-source platform GitHub by the malware network that Check Point investigated a few months ago. In […] First seen on…
-
Popular game script spoofed to infect thousands of game developers
A malware loader, now named GodLoader, has been observed using Godot, a free and open-source game engine, as its runtime to execute malicious code and has dropped known malware on at least 17,000 machines. Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
Source Code Of macOS Banshee Stealer Leaked
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36643/Source-Code-Of-macOS-Banshee-Stealer-Leaked.html
-
Banshee Stealer Source Code Leaked: macOS Malware Rendered Harmless
Cybercriminals give up: the Banshee Stealer malware for MacOS was abandoned after its source code was published. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/banshee-stealer-quellcode-geleakt-macos-malware-unschaedlich-gemacht-304847.html
-
Lazarus Hackers Exploits macOS Extended Attributes To Evade Detection
The xattr command in Unix-like systems allows for the embedding of hidden metadata within files, similar to Windows ADS, known as Rustyattr, which is being exploited by threat actors like Lazarus Group to stealthily conceal malicious payloads within seemingly benign files. The Lazarus Group is covertly embedding malicious data within system files using xattr, a…
-
Source Code of $3,000Month macOS Malware ‘Banshee Stealer’ Leaked
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak. The post Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/source-code-of-3000-a-month-macos-malware-banshee-stealer-leaked/
-
The source code of Banshee Stealer leaked online
Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. BANSHEE Stealer supports basic evasion techniques, relies on the sysctl API…
-
Weaponized pen testers are becoming a new hacker staple
Tags: access, attack, cloud, credentials, defense, google, hacker, iam, intelligence, linux, macOS, malicious, malware, microsoft, open-source, password, penetration-testing, RedTeam, software, strategy, threat, tool, vulnerability, windows
Malicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two conventional penetration testing tools were weaponized to account for almost half of all malware activities in 2024. “The most…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 21
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Fake AI video generators infect Windows, macOS with infostealers How Italy became an unexpected spyware hub Babble Babble Babble Babble Babble Babble BabbleLoader One Sock Fits All: The use and abuse of the NSOCKS botnet Helldown…
-
Steam cuts the cord for legacy Windows and macOS
Don’t say you weren’t warned First seen on theregister.com Jump to article: www.theregister.com/2024/11/20/valve_steam_legacy_os/
-
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. macOS WorkflowKit Race Vulnerability The vulnerability arises from…
-
Apple Confirms Zero Day Attacks Hitting macOS Systems
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36616/Apple-Confirms-Zero-Day-Attacks-Hitting-macOS-Systems.html
-
Apple Security Update: Addressing Critical Vulnerabilities in Apple Software
Apple recently rolled out a security update that addresses critical vulnerabilities in multiple Apple devices. Released on November 19, the Apple security update impacts various platforms, including iOS, iPadOS, macOS, visionOS, and Safari, and is aimed at protecting users from increasingly sophisticated cyber threats. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apple-security-update-nov-2024/

