macOS

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the […]

React to this headline:

Loading spinner

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

React to this headline:

Loading spinner

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave

Don't miss, GitHub, Hot stuff, macOS, News, open source, software /

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave 2024-07-31 at 07:02 By Help Net Security Secretive is an open-source, user-friendly app designed to store and manage SSH keys within the Secure Enclave. Typically, SSH keys are stored on disk with appropriate permissions, which is usually sufficient. However, it’s not overly

React to this headline:

Loading spinner

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave Read More »

Clever macOS malware delivery campaign targets cryptocurrency users

Don't miss, Hot stuff, macOS, Malware, News, Recorded Future, Windows /

Clever macOS malware delivery campaign targets cryptocurrency users 2024-06-19 at 14:16 By Zeljka Zorz Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorder Future’s researchers are warning. The threat actor behind this complex scheme is going after both Windows and Mac users, and leverages social media and messaging

React to this headline:

Loading spinner

Clever macOS malware delivery campaign targets cryptocurrency users Read More »

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers

AMOS, Fraud & Identity Theft, macOS, Malware & Threats, Recorded Future, Russia /

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers 2024-05-15 at 18:31 By Ionut Arghire Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software. The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers Read More »

Apple backports iOS zero-day patch, adds Bluetooth tracker alert

apple, Don't miss, Google, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, security update, trackers, vulnerability /

Apple backports iOS zero-day patch, adds Bluetooth tracker alert 2024-05-14 at 16:32 By Zeljka Zorz Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has

React to this headline:

Loading spinner

Apple backports iOS zero-day patch, adds Bluetooth tracker alert Read More »

Attackers leverage weaponized iMessages, new phishing-as-a-service platform

Android, Don't miss, Hot stuff, iOS, macOS, Netcraft, News, phishing /

Attackers leverage weaponized iMessages, new phishing-as-a-service platform 2024-03-27 at 12:31 By Zeljka Zorz Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial institutions, government

React to this headline:

Loading spinner

Attackers leverage weaponized iMessages, new phishing-as-a-service platform Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

React to this headline:

Loading spinner

Lynis: Open-source security auditing tool Read More »

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate

Featured, Mac malware, macOS, Threat Intelligence /

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate 2024-03-15 at 13:10 By Kevin Townsend Red Canary’s 2024 Threat Detection Report is based on analysis of almost 60,000 threats across 216 petabytes of telemetry from over 1,000 customers’ endpoints. The post Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate appeared

React to this headline:

Loading spinner

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

React to this headline:

Loading spinner

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read

React to this headline:

Loading spinner

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »

Apple Patches WebKit Flaws Exploited on Older iPhones

apple, CVE-2023-42916, CVE-2023-42917, Endpoint Security, Featured, iOS, macOS, Malware & Threats, Vulnerabilities /

Apple Patches WebKit Flaws Exploited on Older iPhones 30/11/2023 at 23:02 By Ryan Naraine Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Apple Patches WebKit Flaws Exploited on Older iPhones Read More »

New MacOS Malware Linked to North Korean Hackers

macOS, Malware, Malware & Threats, Nation-State, North Korea /

New MacOS Malware Linked to North Korean Hackers 07/11/2023 at 18:04 By Kevin Townsend New macOS malware, tracked by Jamf as ObjCShellz, is likely being used by North Korean hackers to target crypto exchanges The post New MacOS Malware Linked to North Korean Hackers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

New MacOS Malware Linked to North Korean Hackers Read More »

KandyKorn macOS malware lobbed at blockchain engineers

Cryptocurrency, Don't miss, Elastic, Hot stuff, macOS, Malware, News, North Korea /

KandyKorn macOS malware lobbed at blockchain engineers 03/11/2023 at 15:46 By Helga Labus North Korean hackers are using novel MacOS malware named KandyKorn to target blockchain engineers of a cryptocurrency exchange platform. The attack By impersonating blockchain engineering community members on Discord, the attackers used social engineering techniques to make victims download a malicious ZIP

React to this headline:

Loading spinner

KandyKorn macOS malware lobbed at blockchain engineers Read More »

From Windows 9x to 11: Tracing Microsoft’s security evolution

CISA, CISO, cybersecurity, Don't miss, Features, Hot stuff, Linux, macOS, Microsoft, News, opinion, strategy, Tenable, Windows /

From Windows 9x to 11: Tracing Microsoft’s security evolution 31/10/2023 at 09:01 By Mirko Zorz Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex

React to this headline:

Loading spinner

From Windows 9x to 11: Tracing Microsoft’s security evolution Read More »

Apple news: iLeakage attack, MAC address leakage bug

apple, attack, data theft, Don't miss, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, research, vulnerability /

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

React to this headline:

Loading spinner

Apple news: iLeakage attack, MAC address leakage bug Read More »

Apple Ships Major iOS, macOS Security Updates

apple, Endpoint Security, iOS, macOS, Malware & Threats, Mobile & Wireless, Vulnerabilities, WebKit /

Apple Ships Major iOS, macOS Security Updates 25/10/2023 at 23:01 By Ryan Naraine Apple patches dozens of serious security flaws in its macOS and iOS platforms, warning that hackers could launch code execution exploits. The post Apple Ships Major iOS, macOS Security Updates appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Apple Ships Major iOS, macOS Security Updates Read More »

macOS 14 Sonoma Patches 60 Vulnerabilities

apple, macOS, Vulnerabilities /

macOS 14 Sonoma Patches 60 Vulnerabilities 27/09/2023 at 15:30 By Eduard Kovacs macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities. The post macOS 14 Sonoma Patches 60 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

macOS 14 Sonoma Patches 60 Vulnerabilities Read More »

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

1Password, Alpine, Chrome, containers, Debian, Don't miss, Firefox, Google, Hot stuff, LibreOffice, Linux, macOS, Microsoft Teams, News, Opera, patch, patching, Rezilion, runZero, Signal, Slack, SUSE, Telegram, Ubuntu, Vivaldi, vulnerability, vulnerability management /

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,

React to this headline:

Loading spinner

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

0-day, apple, Don't miss, Hot stuff, iOS, iPad, Isosceles, macOS, News, security update, spyware /

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones 22/09/2023 at 13:19 By Zeljka Zorz Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citizen Lab at The University of Toronto’s Munk

React to this headline:

Loading spinner

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones Read More »

Scroll to Top